Coppermine Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2008-0504
Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid (2) startpic and (3) numpics parameters to util.php and (4) cid_array parameter to reviewcom.php.