Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

Remediation

References

CVE-2008-0504

Related Vulnerabilities

Joomla! Core 3.0.x Cross-Site Scripting (3.0.0 - 3.0.3)

WordPress Plugin Duplicator-WordPress Migration Arbitrary File Disclosure (0.3.0)

Dolphin Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-3638)

Joomla! Core 2.5.x SQL Injection (2.5.0 - 2.5.1)

WordPress Plugin WP CSS 'wp-css-compress.php' Local File Disclosure (2.0.5)

Severity

Medium

Classification

CVE-2008-0504 CWE-138

Tags

Missing Update Known Vulnerabilities