CVE-2008-1841 in Photo Galleryinfo

Summary

SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

04/16/2008

Disclosure

04/16/2008

Moderation

VulDB entry created

Entries

VDB-42007 (1)

CPE

ready

CWE

CWE-89 (Confirmed)

CVSS

7.3

EPSS

0.00566

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2008-1841
NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-1841
CVE Details	https://www.cvedetails.com/cve/CVE-2008-1841/

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!