CVE-2007-3558

Coppermine Photo Gallery < 1.4.10 - SQL Injection via Album Password Cookie

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3558. PoCs published by DarkFig.

AI-analyzed exploit summary This PHP script exploits a SQL injection vulnerability in Coppermine Photo Gallery <= 1.4.10 by injecting a UNION-based query to retrieve user credentials from the database. It includes authentication handling and proxy support for evasion.

Description

SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · phpwebappsphp

https://www.exploit-db.com/exploits/3085

View Code ZIP pw:eip

This PHP script exploits a SQL injection vulnerability in Coppermine Photo Gallery <= 1.4.10 by injecting a UNION-based query to retrieve user credentials from the database. It includes authentication handling and proxy support for evasion.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Coppermine Photo Gallery <= 1.4.10

Auth required

Prerequisites: Valid admin credentials · Target URL · Proxy details (optional)

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/25846

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24710

Patch x_refsource_confirm

http://coppermine-gallery.net/forum/index.php?topic=44845.0

Scores

EPSS 0.0102

EPSS Percentile 58.8%

Details

Status published

Products (1)

coppermine/coppermine_photo_gallery < 1.4.10

Published Jul 04, 2007

Tracked Since Feb 18, 2026