CVE-2008-0504

high

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

References

http://www.waraxe.us/advisory-66.html

http://www.vupen.com/english/advisories/2008/0367

http://www.securitytracker.com/id?1019285

http://www.securityfocus.com/bid/27509

http://www.securityfocus.com/archive/1/487351/100/200/threaded

http://secunia.com/advisories/28682

http://coppermine-gallery.net/forum/index.php?topic=50103.0

Details

Source: Mitre, NVD

Published: 2008-01-31

Updated: 2018-10-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High