SQL Injection Vulnerability in Coppermine Photo Gallery by Coppermine
CVE-2008-1840

Currently unrated

Key Information:

Vendor: Coppermine
Status: Coppermine Photo Gallery
Vendor: CVE Published:; 16 April 2008

What is CVE-2008-1840?

The Coppermine Photo Gallery contains a SQL injection vulnerability found in the upload.php script. This flaw allows remote authenticated users or user-assisted remote HTTP servers to pass arbitrary SQL commands through the Content-Type HTTP response header during uploads. Exploitation of this weakness could lead to unauthorized access to the database, making it imperative for users of affected versions to implement security measures.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/41784

vdb-entryx_refsource_XF

http://sourceforge.net/project/shownotes.php?group_id=896...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/28766

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2008
Vulnerability Reserved
Apr 16, 2008

JSON