CVE-2007-0122

Sažetak

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

Reference

http://acid-root.new.fr/poc/19070104.txt
http://osvdb.org/35852
http://osvdb.org/35853
http://osvdb.org/35854
http://osvdb.org/35855
http://osvdb.org/35856
http://secunia.com/advisories/25846
http://securityreason.com/securityalert/2123
http://www.securityfocus.com/archive/1/456051/100/0/threaded
http://www.securityfocus.com/bid/21894
https://www.exploit-db.com/exploits/3085

CVSS

Base:	6.5
Impact:	6.4
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

16-10-2018 - 16:31

Objavljeno

09-01-2007 - 02:28