SQL Injection Vulnerability in Coppermine Photo Gallery by Coppermine Team
CVE-2008-1841

Currently unrated

Key Information:

Vendor: Coppermine
Status: Coppermine Photo Gallery
Vendor: CVE Published:; 16 April 2008

What is CVE-2008-1841?

A SQL injection flaw exists in the session management component of Coppermine Photo Gallery (CPG) 1.4.17 and earlier. This vulnerability allows attackers to manipulate SQL queries through the session_id input parameter, potentially resulting in unauthorized access to sensitive data. Attackers capitalized on this flaw, exploiting it in the wild as early as April 2008. Notably, previous attempts to patch related issues in CVE-2008-1840 did not effectively resolve this specific vulnerability.

References

http://www.securityfocus.com/bid/28767

vdb-entryx_refsource_BID

http://sourceforge.net/project/shownotes.php?group_id=896...

x_refsource_CONFIRM

http://forum.coppermine-gallery.net/index.php/topic%2C518...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 16, 2008
Vulnerability Reserved
Apr 16, 2008

JSON