Zero-day Vulnerability Database

Change view

Zero-day vulnerabilities discovered: 1

SQL injection in Coppermine Photo Gallery
CVE-2008-1841

SQL injection

The vulnerability allows a remote attacker to execute arbitrary SQL commands in web application database.

The vulnerability exists due to insufficient sanitization of user-supplied data passed via cookies to "coppermine.inc.php" script. A remote attacker can send a specially crafted HTTP request to vulnerable script and execute arbitrary SQL queries in backend database.

Successful exploitation of the vulnerability may result in website compromise.

Note: this vulnerability was being actively exploited.
i

The vulnerability was produced by inefficient patch for CVE-2008-1840

Software: Coppermine Photo Gallery

The vulnerability was produced by inefficient patch for CVE-2008-1840