CVE-2007-0122

Published: Jan 9, 2007Modified: Apr 23, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

Affected (15)

Products: Coppermine: Coppermine Photo Gallery

Coppermine

1 product

Coppermine Photo Gallery

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Coppermine Coppermine Photo Gallery	Up to 1.4.10
Coppermine Coppermine Photo Gallery	Version 1.0
Coppermine Coppermine Photo Gallery	Version 1.0_rc3
Coppermine Coppermine Photo Gallery	Version 1.1
Coppermine Coppermine Photo Gallery	Version 1.1_beta_2
Coppermine Coppermine Photo Gallery	Version 1.2.1
Coppermine Coppermine Photo Gallery	Version 1.2.2_b-nuke
Coppermine Coppermine Photo Gallery	Version 1.2.2_b
Coppermine Coppermine Photo Gallery	Version 1.2
Coppermine Coppermine Photo Gallery	Version 1.3.2
Coppermine Coppermine Photo Gallery	Version 1.3.3
Coppermine Coppermine Photo Gallery	Version 1.3.4
Coppermine Coppermine Photo Gallery	Version 1.3
Coppermine Coppermine Photo Gallery	Version 1.4.4
Coppermine Coppermine Photo Gallery	Version 1.4.9