Lucene search

[email protected]CVE-2008-1841

HistoryApr 16, 2008 - 5:05 p.m.

CVE-2008-1841

2008-04-1617:05:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

coppermine photo gallery

cpg

vulnerability

cve-2008-1841

nvd

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.6%

JSON

SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.

Affected configurations

NVD

Node

copperminecoppermine_photo_galleryMatch1.2.0

copperminecoppermine_photo_galleryMatch1.2.0rc2

copperminecoppermine_photo_galleryMatch1.2.1

copperminecoppermine_photo_galleryMatch1.3.0

copperminecoppermine_photo_galleryMatch1.3.1

copperminecoppermine_photo_galleryMatch1.3.2

copperminecoppermine_photo_galleryMatch1.3.3

copperminecoppermine_photo_galleryMatch1.3.5

copperminecoppermine_photo_galleryMatch1.4.2

copperminecoppermine_photo_galleryMatch1.4.4

copperminecoppermine_photo_galleryMatch1.4.5

copperminecoppermine_photo_galleryMatch1.4.6

copperminecoppermine_photo_galleryMatch1.4.7

copperminecoppermine_photo_galleryMatch1.4.8

copperminecoppermine_photo_galleryMatch1.4.9

copperminecoppermine_photo_galleryMatch1.4.10

copperminecoppermine_photo_galleryMatch1.4.11

copperminecoppermine_photo_galleryMatch1.4.12

copperminecoppermine_photo_galleryMatch1.4.13

copperminecoppermine_photo_galleryMatch1.4.14

copperminecoppermine_photo_galleryMatch1.4.16

copperminecoppermine_photo_galleryMatch1.4.17

CPENameOperatorVersion
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.2.0
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.2.0rc2
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.2.1
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.3.0
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.3.1
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.3.2
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.3.3
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.3.5
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.4.2
coppermine:coppermine_photo_gallerycoppermine coppermine photo galleryeq1.4.4

CPE	Name	Operator	Version
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.2.0
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.2.0rc2
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.2.1
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.3.0
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.3.1
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.3.2
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.3.3
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.3.5
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.4.2
coppermine:coppermine_photo_gallery	coppermine coppermine photo gallery	eq	1.4.4

Rows per page:

1-10 of 221

References

coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380&r2=4381

coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log

forum.coppermine-gallery.net/index.php/topic%2C51882.0.html

secunia.com/advisories/29741

sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069

www.securityfocus.com/bid/28767

exchange.xforce.ibmcloud.com/vulnerabilities/41788

8.4 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.6%

JSON

Related for CVE-2008-1841

cvelist2 prion2 nvd2 nessus1 cve1