CVE-2008-0504

Coppermine-gallery Coppermine Photo Gallery < 1.4.14 - SQL Injection

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by bazik · php · webapps · php
https://www.exploit-db.com/exploits/4950

Scores

EPSS 0.0072
EPSS Percentile 72.5%

Details

CWE
CWE-89
Status published
Products (20)
coppermine-gallery/coppermine_photo_gallery 1.0 (2 CPE variants)
coppermine-gallery/coppermine_photo_gallery 1.1 (2 CPE variants)
coppermine-gallery/coppermine_photo_gallery 1.1.0
coppermine-gallery/coppermine_photo_gallery 1.2
coppermine-gallery/coppermine_photo_gallery 1.2.0 (2 CPE variants)
coppermine-gallery/coppermine_photo_gallery 1.2.1 (3 CPE variants)
coppermine-gallery/coppermine_photo_gallery 1.3.0
coppermine-gallery/coppermine_photo_gallery 1.3.1
coppermine-gallery/coppermine_photo_gallery 1.3.2
coppermine-gallery/coppermine_photo_gallery 1.3.3
... and 10 more
Published Jan 31, 2008
Tracked Since Feb 18, 2026