Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-0504

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2008-0504
Last Modified 11 Sep 2009 12:00:00
Published 31 Jan 2008 03:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2008-0504

Summary

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authen ticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

Vulnerable Systems

Application

  • Coppermine-gallery Coppermine Photo Gallery 1.0

  • Coppermine-gallery Coppermine Photo Gallery 1.1

  • Coppermine-gallery Coppermine Photo Gallery 1.1.0

  • Coppermine-gallery Coppermine Photo Gallery 1.2

  • Coppermine-gallery Coppermine Photo Gallery 1.2.0

  • Coppermine-gallery Coppermine Photo Gallery 1.2.1

  • Coppermine-gallery Coppermine Photo Gallery 1.3.0

  • Coppermine-gallery Coppermine Photo Gallery 1.3.1

  • Coppermine-gallery Coppermine Photo Gallery 1.3.2

  • Coppermine-gallery Coppermine Photo Gallery 1.3.3

  • Coppermine-gallery Coppermine Photo Gallery 1.3.4

  • Coppermine-gallery Coppermine Photo Gallery 1.3.5

  • Coppermine-gallery Coppermine Photo Gallery 1.4

  • Coppermine-gallery Coppermine Photo Gallery 1.4.0

  • Coppermine-gallery Coppermine Photo Gallery 1.4.1

  • Coppermine-gallery Coppermine Photo Gallery 1.4.10

  • Coppermine-gallery Coppermine Photo Gallery 1.4.11

  • Coppermine-gallery Coppermine Photo Gallery 1.4.12

  • Coppermine-gallery Coppermine Photo Gallery 1.4.13

  • Coppermine-gallery Coppermine Photo Gallery 1.4.14


References

BID - 27509

CONFIRM - http://coppermine-gallery.net/forum/index.php?topic=50103.0

MISC - http://www.waraxe.us/advisory-66.html

VUPEN - ADV-2008-0367

SECTRACK - 1019285

BUGTRAQ - 20080131 [waraxe-2008-SA#066] - Multiple Vulnerabilities in Coppermine 1.4.14

SECUNIA - 28682


Last Updated: 27 May 2016 10:46:50