Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Coppermine Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2008-0504 - Vulnerability Database
Coppermine

Coppermine Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2008-0504

Medium
Reference: CVE-2008-0504
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2008-0504
Title: Coppermine Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Multiple SQL injection vulnerabilities in Coppermine Photo Gallery (CPG) before 1.4.15 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) albumid (2) startpic and (3) numpics parameters to util.php and (4) cid_array parameter to reviewcom.php.