CVE-2007-3558 - SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers

CVE-2007-3558

Summary

SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.

References

http://coppermine-gallery.net/forum/index.php?topic=44845.0
http://secunia.com/advisories/25846
http://www.securityfocus.com/bid/24710

Vulnerable Configurations

cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*
cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 05-09-2008 - 21:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	24710
confirm	http://coppermine-gallery.net/forum/index.php?topic=44845.0
secunia	25846

Last major update

05-09-2008 - 21:26

Published

04-07-2007 - 16:30

Last modified

05-09-2008 - 21:26