CVE-2008-0504
Coppermine Photo Gallery < 1.4.15 - Authenticated SQL Injection via Album Parameters
Exploitation Summary
EIP tracks 1 public exploit for CVE-2008-0504. PoCs published by bazik.
AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in Coppermine Gallery 1.4.10, leveraging deserialization and cookie manipulation to write a PHP web shell to the target system. It automates the process of retrieving necessary paths and prefixes before executing the payload.
Description
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.