{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-01-05T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "35853", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35853"}, {"name": "2123", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2123"}, {"name": "25846", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25846"}, {"tags": ["x_refsource_MISC"], "url": "http://acid-root.new.fr/poc/19070104.txt"}, {"name": "3085", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/3085"}, {"name": "35854", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35854"}, {"name": "35852", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35852"}, {"name": "20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"}, {"name": "21894", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/21894"}, {"name": "35856", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35856"}, {"name": "35855", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/35855"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0122", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "35853", "refsource": "OSVDB", "url": "http://osvdb.org/35853"}, {"name": "2123", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2123"}, {"name": "25846", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25846"}, {"name": "http://acid-root.new.fr/poc/19070104.txt", "refsource": "MISC", "url": "http://acid-root.new.fr/poc/19070104.txt"}, {"name": "3085", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/3085"}, {"name": "35854", "refsource": "OSVDB", "url": "http://osvdb.org/35854"}, {"name": "35852", "refsource": "OSVDB", "url": "http://osvdb.org/35852"}, {"name": "20070105 Coppermine Photo Gallery <= 1.4.10 SQL Injection Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"}, {"name": "21894", "refsource": "BID", "url": "http://www.securityfocus.com/bid/21894"}, {"name": "35856", "refsource": "OSVDB", "url": "http://osvdb.org/35856"}, {"name": "35855", "refsource": "OSVDB", "url": "http://osvdb.org/35855"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0122", "datePublished": "2007-01-09T02:00:00", "dateReserved": "2007-01-08T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E1F67DD-8ED5-4E97-9EBE-3EDC01DE60BB", "versionEndIncluding": "1.4.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B04BAAEE-4047-47BE-AB93-3B3C923EF78F", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*", "matchCriteriaId": "D3479C85-5B30-43FE-9492-5438D27B8DC3", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "304B545E-1B2D-4794-B007-9562C027469D", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*", "matchCriteriaId": "8FCDC744-DAF3-449C-B3AE-BA420A636CBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "7CDBEDCE-787D-4523-A209-0CCFD6E41064", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*", "matchCriteriaId": "C7292845-96FB-48BF-935F-9BD7772AFD16", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke:*:*:*:*:*:*:*", "matchCriteriaId": "2C635ED6-287F-426A-B19A-B92FB8A5CC3F", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AB182E1B-9E32-46CA-9B49-5029107955D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DD2CA54-6534-4A4F-9667-8A594B7E43CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*", "matchCriteriaId": "BFF90F7F-070C-4ABE-8F94-7192F18B1A9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "91D223FD-D53B-45DA-AB15-B446ADA7B0A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "4D3BB681-16F8-441F-912C-9488791A6420", "vulnerable": true}, {"criteria": "cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*", "matchCriteriaId": "D7A89B92-8323-4240-80CE-102070202A09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Coppermine Photo Gallery 1.4.10 y anteriores permiten a administradores autenticados remotamente ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro (1) cat de albmgr.php, y posiblemente (2) el par\u00e1metro gid de usermgr.php; (3) el par\u00e1metro start de db_ecard.php; y el par\u00e1metro albumid de archivos no especificados, relacionados con las funciones (4) filename_to_title y (5) del_titles."}], "id": "CVE-2007-0122", "lastModified": "2018-10-16T16:31:18.510", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-01-09T02:28:00.000", "references": [{"source": "cve@mitre.org", "url": "http://acid-root.new.fr/poc/19070104.txt"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35852"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35853"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35854"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35855"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/35856"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/25846"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2123"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456051/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/21894"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/3085"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}