Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

Remediation

References

CVE-2008-0504

Related Vulnerabilities

Mailman Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2025-43919)

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-0130)

WordPress Plugin Form Vibes-Database Manager for Forms SQL Injection (1.4.5)

WordPress Plugin Coming soon and Maintenance mode Unspecified Vulnerability (3.5.4)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Arbitrary File Upload (0.1.0.22)

Severity

Medium

Classification

CVE-2008-0504 CWE-138

Tags

Missing Update Known Vulnerabilities