CVE-2008-1840

Current Description

SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.

Referenced by CVEs: CVE-2008-1841

Basic Data

Published: April 16, 2008
Last Modified: August 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-89
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: SINGLE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 6.5
Severity: MEDIUM
Exploitability Score: 8.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
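    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.1 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.2 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.3 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.4 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.5 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.6 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.7 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.8 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.9 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.10 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.11 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.12 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.13 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | 1.4.14 | * | * | * | * | * | * | * |  |  |  |  |
    | 2.3 | Application | Coppermine | Coppermine Photo Gallery | * | * | * | * | * | * | * | * |  | 1.4.16 |  |  |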

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Coppermine | Coppermine Photo Gallery | *, 1.4, 1.4.1, 1.4.10, 1.4.11, 1.4.12, 1.4.13, 1.4.14, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| http://forum.coppermine-gallery.net/index.php/topic,51787,0.html | CONFIRM | http://forum.coppermine-gallery.net/index.php/topic,51787,0.html | Exploit |
| 29795 | SECUNIA | http://secunia.com/advisories/29795 | Vendor Advisory |
| http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069 | CONFIRM | http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069 | Patch |
| 44345 | OSVDB | http://www.osvdb.org/44345 |  |
| 28766 | BID | http://www.securityfocus.com/bid/28766 | Patch |
| coppermine-upload-sql-injection(41784) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/41784 |  |