CVE-2007-0122

Coppermine Photo Gallery < 1.4.10 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DarkFig · phpwebappsphp
https://www.exploit-db.com/exploits/3085
exploitdb WORKING POC VERIFIED
by DarkFig · phpwebappsphp
https://www.exploit-db.com/exploits/29397

References (11)

Scores

EPSS 0.0244
EPSS Percentile 85.2%

Details

Status published
Products (15)
coppermine/coppermine_photo_gallery 1.0
coppermine/coppermine_photo_gallery 1.0_rc3
coppermine/coppermine_photo_gallery 1.1
coppermine/coppermine_photo_gallery 1.1_beta_2
coppermine/coppermine_photo_gallery 1.2
coppermine/coppermine_photo_gallery 1.2.1
coppermine/coppermine_photo_gallery 1.2.2_b
coppermine/coppermine_photo_gallery 1.2.2_b-nuke
coppermine/coppermine_photo_gallery 1.3
coppermine/coppermine_photo_gallery 1.3.2
... and 5 more
Published Jan 09, 2007
Tracked Since Feb 18, 2026