Vulnerability Name:

CVE-2008-0939 (CCN-40599)

Assigned: 2008-02-16
Published: 2008-02-16
Updated: 2017-09-29
Summary: Multiple SQL injection vulnerabilities in wppa.php in the WP Photo Album (WPPA) before 1.1 plugin for WordPress allow remote attackers to execute arbitrary SQL commands via (1) the photo parameter to index.php, used by the wppa_photo_name function; or (2) the album parameter to index.php, used by the wppa_album_name function.
Note: some of these details are obtained from third party information.
CVSS v3 Severity: 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-89
Vulnerability Consequences: Data Manipulation
References:

Source: MITRE
Type: CNA
CVE-2008-0939

Source: CCN
Type: WP Photo Album - WPPA Web page
WP Photo Album - WPPA

Source: CONFIRM
Type: UNKNOWN
http://me.mywebsight.ws/web/wppa/

Source: CCN
Type: SA28988
WordPress WP Photo Album Plugin "photo" SQL Injection

Source: SECUNIA
Type: Vendor Advisory
28988

Source: SREASON
Type: UNKNOWN
3693

Source: MISC
Type: UNKNOWN
http://weblogtoolscollection.com/archives/2008/02/21/photo-album-plugin-vulnerabilities/

Source: CCN
Type: OSVDB ID: 41858
WP Photo Album Plugin for WordPress index.php photo Parameter SQL Injection

Source: BUGTRAQ
Type: Exploit
20080216 WordPress album PHOTO SQL Injection

Source: BID
Type: Exploit
27832

Source: CCN
Type: BID-27832
WP Photo Album 'photo' Parameter SQL Injection Vulnerability

Source: CCN
Type: BID-29148
WordPress WP Photo Album Plugin 'photo' Parameter SQL Injection Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-0586

Source: XF
Type: UNKNOWN
photoalbum-index-sql-injection(40599)

Source: EXPLOIT-DB
Type: UNKNOWN
5135

Vulnerable Configuration: Configuration 1:
  • cpe:/a:wordpress:photo_album_plugin:1.1:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    wordpress photo album plugin 1.1