6.5

CVE-2007-0122

Exploit
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.02% 0.857
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://acid-root.new.fr/poc/19070104.txt
http://www.securityfocus.com/archive/1/456051/100/0/threaded
http://osvdb.org/35852
http://osvdb.org/35853
http://osvdb.org/35854
http://osvdb.org/35855
http://osvdb.org/35856
http://secunia.com/advisories/25846
http://securityreason.com/securityalert/2123
http://www.securityfocus.com/bid/21894
Exploit
https://www.exploit-db.com/exploits/3085