⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2008-1841SQL Injection in Photo Gallery

CWE-89SQL Injection4 documents4 sources
Severity
6.8MEDIUMNVD
CNA6.5VulnCheck6.5
EPSS
0.6%
top 31.49%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
1
Coppermine Photo Gallery
Timeline
PublishedApr 16
Latest updateMay 1

Description

SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

3
GHSA
GHSA-p5rf-j39p-frph: SQL injection vulnerability in the session handling functionality in bridge/coppermine2022-05-01
CVEList
CVE-2008-1841: SQL injection vulnerability in the session handling functionality in bridge/coppermine2008-04-16
VulnCheck
coppermine coppermine_photo_gallery Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')2008
CVE-2008-1841 — SQL Injection in Photo Gallery | cvebase