CVE-2007-0122

Coppermine Photo Gallery < 1.4.10 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DarkFig · phpwebappsphp
https://www.exploit-db.com/exploits/3085
exploitdb WORKING POC VERIFIED
by DarkFig · phpwebappsphp
https://www.exploit-db.com/exploits/29397

References (11)

Scores

EPSS 0.0358
EPSS Percentile 87.5%

Classification

Status draft

Affected Products (15)

coppermine/coppermine_photo_gallery < 1.4.10
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery
coppermine/coppermine_photo_gallery

Timeline

Published Jan 09, 2007
Tracked Since Feb 18, 2026