Lucene search

[email protected]NVD:CVE-2008-1841

HistoryApr 16, 2008 - 5:05 p.m.

CVE-2008-1841

2008-04-1617:05:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.005

Percentile

77.3%

JSON

SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.

Affected configurations

Nvd

Node

copperminecoppermine_photo_galleryMatch1.2.0

copperminecoppermine_photo_galleryMatch1.2.0rc2

copperminecoppermine_photo_galleryMatch1.2.1

copperminecoppermine_photo_galleryMatch1.3.0

copperminecoppermine_photo_galleryMatch1.3.1

copperminecoppermine_photo_galleryMatch1.3.2

copperminecoppermine_photo_galleryMatch1.3.3

copperminecoppermine_photo_galleryMatch1.3.5

copperminecoppermine_photo_galleryMatch1.4.2

copperminecoppermine_photo_galleryMatch1.4.4

copperminecoppermine_photo_galleryMatch1.4.5

copperminecoppermine_photo_galleryMatch1.4.6

copperminecoppermine_photo_galleryMatch1.4.7

copperminecoppermine_photo_galleryMatch1.4.8

copperminecoppermine_photo_galleryMatch1.4.9

copperminecoppermine_photo_galleryMatch1.4.10

copperminecoppermine_photo_galleryMatch1.4.11

copperminecoppermine_photo_galleryMatch1.4.12

copperminecoppermine_photo_galleryMatch1.4.13

copperminecoppermine_photo_galleryMatch1.4.14

copperminecoppermine_photo_galleryMatch1.4.16

copperminecoppermine_photo_galleryMatch1.4.17

VendorProductVersionCPE
copperminecoppermine_photo_gallery1.2.0cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.2.0rc2cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0rc2:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.2.1cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.3.0cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.3.1cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.3.2cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.3.3cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.3.5cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.4.2cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*
copperminecoppermine_photo_gallery1.4.4cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
coppermine	coppermine_photo_gallery	1.2.0	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0:::::::*
coppermine	coppermine_photo_gallery	1.2.0rc2	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0rc2:::::::*
coppermine	coppermine_photo_gallery	1.2.1	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:::::::*
coppermine	coppermine_photo_gallery	1.3.0	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.0:::::::*
coppermine	coppermine_photo_gallery	1.3.1	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:::::::*
coppermine	coppermine_photo_gallery	1.3.2	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:::::::*
coppermine	coppermine_photo_gallery	1.3.3	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:::::::*
coppermine	coppermine_photo_gallery	1.3.5	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.5:::::::*
coppermine	coppermine_photo_gallery	1.4.2	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:::::::*
coppermine	coppermine_photo_gallery	1.4.4	cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:::::::*

Rows per page:

1-10 of 221

References

coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380&r2=4381

coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log

forum.coppermine-gallery.net/index.php/topic%2C51882.0.html

secunia.com/advisories/29741

sourceforge.net/project/shownotes.php?group_id=89658&release_id=592069

www.securityfocus.com/bid/28767

exchange.xforce.ibmcloud.com/vulnerabilities/41788

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.005

Percentile

77.3%

JSON

Related for NVD:CVE-2008-1841

cve2 cvelist2 prion2 nessus1 nvd1