Vulnerability Details : CVE-2007-0122
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery 1.4.10 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via (1) the cat parameter to albmgr.php, and possibly (2) the gid parameter to usermgr.php; (3) the start parameter to db_ecard.php; and the albumid parameter to unspecified files, related to the (4) filename_to_title and (5) del_titles functions.
Vulnerability category: Sql Injection
Exploit prediction scoring system (EPSS) score for CVE-2007-0122
Probability of exploitation activity in the next 30 days: 0.59%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 76 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2007-0122
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
nvd@nist.gov |
References for CVE-2007-0122
Products affected by CVE-2007-0122
- cpe:2.3:a:coppermine:coppermine_photo_gallery:*:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1_beta_2:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.2_b-nuke:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.1:*:*:*:*:*:*:*