Vulnerability Details: CVE-2007-1107
SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.
Vulnerability category: SQL Injection
Products affected by CVE-2007-1107
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-1107
- 85.85%: probability of exploitation activity in the next 30 days
- ~ 99%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1107
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
References for CVE-2007-1107
- https://www.exploit-db.com/exploits/4950
- http://www.securityfocus.com/bid/22709
- http://securityreason.com/securityalert/2297
- http://www.securityfocus.com/archive/1/461158/100/0/threaded
- https://www.exploit-db.com/exploits/3371
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39806
- http://www.securityfocus.com/bid/27372
- https://www.exploit-db.com/exploits/4961
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32688