CVE-2007-0122

high

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.

References

https://www.exploit-db.com/exploits/3085

http://www.securityfocus.com/archive/1/456051/100/0/threaded

http://securityreason.com/securityalert/2123

http://secunia.com/advisories/25846

http://osvdb.org/35856

http://osvdb.org/35855

http://osvdb.org/35854

http://osvdb.org/35853

http://osvdb.org/35852

http://acid-root.new.fr/poc/19070104.txt

Details

Source: Mitre, NVD

Published: 2007-01-09

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.01631