WEB APPLICATION VULNERABILITIES Standard & Premium

Coppermine Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-0504)

Description

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid, (2) startpic, and (3) numpics parameters to util.php; and (4) cid_array parameter to reviewcom.php.

Remediation

References

Related Vulnerabilities

WordPress Plugin Staff Directory-Employee Directory for WordPress Unspecified Vulnerability (3.6.1)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4378)

Oracle JRE CVE-2012-0503 Vulnerability (CVE-2012-0503)

WordPress Plugin WP Live Chat Support Pro Arbitrary File Upload (8.0.06)

LimeSurvey Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2015-4628)

Severity

Medium

Classification

CVE-2008-0504 CWE-138

Tags

Missing Update Known Vulnerabilities