CVE-2007-0122 Information

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files related to the (4) filename_to_title and (5) del_titles functions.

Reference

http://acid-root.new.fr/poc/19070104.txt
http://osvdb.org/35852
http://osvdb.org/35853
http://osvdb.org/35854
http://osvdb.org/35855
http://osvdb.org/35856
http://secunia.com/advisories/25846
http://securityreason.com/securityalert/2123
http://www.securityfocus.com/archive/1/456051/100/0/threaded
http://www.securityfocus.com/bid/21894
https://www.exploit-db.com/exploits/3085
