Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2007-1107

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Feb, 2007 | 17:00
Updated At-07 Aug, 2024 | 12:43
Rejected At-
Credits

SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Feb, 2007 | 17:00
Updated At:07 Aug, 2024 | 12:43
Rejected At:
▼CVE Numbering Authority (CNA)

SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/461158/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilities/32688
vdb-entry
x_refsource_XF
http://securityreason.com/securityalert/2297
third-party-advisory
x_refsource_SREASON
http://www.securityfocus.com/bid/22709
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/39806
vdb-entry
x_refsource_XF
https://www.exploit-db.com/exploits/3371
exploit
x_refsource_EXPLOIT-DB
https://www.exploit-db.com/exploits/4950
exploit
x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/27372
vdb-entry
x_refsource_BID
https://www.exploit-db.com/exploits/4961
exploit
x_refsource_EXPLOIT-DB
http://osvdb.org/33133
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.securityfocus.com/archive/1/461158/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/32688
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://securityreason.com/securityalert/2297
Resource:
third-party-advisory
x_refsource_SREASON
Hyperlink: http://www.securityfocus.com/bid/22709
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/39806
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://www.exploit-db.com/exploits/3371
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: https://www.exploit-db.com/exploits/4950
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://www.securityfocus.com/bid/27372
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://www.exploit-db.com/exploits/4961
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://osvdb.org/33133
Resource:
vdb-entry
x_refsource_OSVDB
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/archive/1/461158/100/0/threaded
mailing-list
x_refsource_BUGTRAQ
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/32688
vdb-entry
x_refsource_XF
x_transferred
http://securityreason.com/securityalert/2297
third-party-advisory
x_refsource_SREASON
x_transferred
http://www.securityfocus.com/bid/22709
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/39806
vdb-entry
x_refsource_XF
x_transferred
https://www.exploit-db.com/exploits/3371
exploit
x_refsource_EXPLOIT-DB
x_transferred
https://www.exploit-db.com/exploits/4950
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://www.securityfocus.com/bid/27372
vdb-entry
x_refsource_BID
x_transferred
https://www.exploit-db.com/exploits/4961
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://osvdb.org/33133
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.securityfocus.com/archive/1/461158/100/0/threaded
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/32688
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://securityreason.com/securityalert/2297
Resource:
third-party-advisory
x_refsource_SREASON
x_transferred
Hyperlink: http://www.securityfocus.com/bid/22709
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/39806
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/3371
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/4950
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://www.securityfocus.com/bid/27372
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://www.exploit-db.com/exploits/4961
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://osvdb.org/33133
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Feb, 2007 | 17:28
Updated At:16 Oct, 2018 | 16:36

SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
coppermine
coppermine
>>coppermine_photo_gallery>>1.3
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3:*:*:*:*:*:*:*
coppermine
coppermine
>>coppermine_photo_gallery>>1.3.2
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*
coppermine
coppermine
>>coppermine_photo_gallery>>1.3.3
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*
coppermine
coppermine
>>coppermine_photo_gallery>>1.3.4
cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.4:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://osvdb.org/33133cve@mitre.org
N/A
http://securityreason.com/securityalert/2297cve@mitre.org
N/A
http://www.securityfocus.com/archive/1/461158/100/0/threadedcve@mitre.org
N/A
http://www.securityfocus.com/bid/22709cve@mitre.org
N/A
http://www.securityfocus.com/bid/27372cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/32688cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/39806cve@mitre.org
N/A
https://www.exploit-db.com/exploits/3371cve@mitre.org
N/A
https://www.exploit-db.com/exploits/4950cve@mitre.org
N/A
https://www.exploit-db.com/exploits/4961cve@mitre.org
N/A
Hyperlink: http://osvdb.org/33133
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://securityreason.com/securityalert/2297
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/archive/1/461158/100/0/threaded
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/22709
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/27372
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/32688
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/39806
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/3371
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/4950
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.exploit-db.com/exploits/4961
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

12Records found
CVE-2006-4321
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-16.41% / 94.62%
||
7 Day CHG+2.22%
Published-24 Aug, 2006 | 01:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in cpg.php in the Coppermine Photo Gallery component (com_cpg) 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CVE-2006-2976
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 71.89%
||
7 Day CHG~0.00%
Published-12 Jun, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery before 1.4.7 has unknown impact and remote attack vectors, possibly related to authorization/authentication errors.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CVE-2006-3064
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.60% / 68.58%
||
7 Day CHG~0.00%
Published-19 Jun, 2006 | 10:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the add_hit function in include/function.inc.php in Coppermine Photo Gallery (CPG) 1.4.8, when "Keep detailed hit statistics" is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) referer and (2) user-agent HTTP headers.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2006-2514
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 72.00%
||
7 Day CHG~0.00%
Published-22 May, 2006 | 22:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CVE-2004-1988
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php.

Action-Not Available
Vendor-copperminefrancisco_burzin/a
Product-coppermine_photo_galleryphp-nuken/a
CVE-2006-5622
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.94% / 75.34%
||
7 Day CHG~0.00%
Published-31 Oct, 2006 | 20:00
Updated-07 Aug, 2024 | 19:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery 1.4.9 allows remote attackers to execute arbitrary SQL commands via the aid parameter.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CVE-2005-1225
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.50% / 65.05%
||
7 Day CHG~0.00%
Published-22 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CVE-2004-1989
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.49%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc.

Action-Not Available
Vendor-copperminefrancisco_burzin/a
Product-coppermine_photo_galleryphp-nuken/a
CVE-2007-3558
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.15%
||
7 Day CHG~0.00%
Published-04 Jul, 2007 | 16:00
Updated-16 Sep, 2024 | 18:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CVE-2005-1226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.13%
||
7 Day CHG~0.00%
Published-22 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
CVE-2004-1987
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.28% / 51.31%
||
7 Day CHG~0.00%
Published-10 May, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.

Action-Not Available
Vendor-copperminefrancisco_burzin/a
Product-coppermine_photo_galleryphp-nuken/a
CVE-2007-4283
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.40% / 88.56%
||
7 Day CHG~0.00%
Published-09 Aug, 2007 | 21:00
Updated-07 Aug, 2024 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in Coppermine Photo Gallery (CPG) 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the sourcedir parameter.

Action-Not Available
Vendor-copperminen/a
Product-coppermine_photo_galleryn/a
Details not found