Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-0122 — SQL Injection in Photo Gallery

23 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

2.4%

top 14.80%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Coppermine Photo Gallery

Timeline

PublishedJan 9

Latest updateMay 1

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcoppermine/coppermine_photo_gallery1.4.10+14

🔴Vulnerability Details

GHSA

GHSA-j898-9qcx-cf3p: Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1↗2022-05-01

▶

CVEList

CVE-2007-0122: Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1↗2007-01-09

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Excel - Out-of-Bounds Read Code Execution (MS16-042)↗2016-04-14

▶

Exploit-DB

Coppermine Photo Gallery 1.4.11 - SQL Injection↗2007-01-05

▶

🔍Detection Rules

Suricata

ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- usermgr.php gid INSERT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start INSERT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UNION SELECT↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- db_ecard.php start UPDATE↗2010-07-30

▶

Suricata

ET WEB_SPECIFIC_APPS Coppermine Photo Gallery SQL Injection Attempt -- albmgr.php cat SELECT↗2010-07-30

▶