Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

Remediation

References

CVE-2008-0504

Related Vulnerabilities

WordPress Plugin Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) Cross-Site Scripting (9.7.1)

MySQL Deserialization of Untrusted Data Vulnerability (CVE-2019-14893)

Dot CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2022-45783)

WordPress Plugin Jetpack-WP Security, Backup, Speed, & Growth Multiple Vulnerabilities (3.7.0)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20111)

Severity

Medium

Classification

CVE-2008-0504 CWE-138

Tags

Missing Update Known Vulnerabilities