CVE-2007-0122

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery versions 1.4.10 and earlier

Description The issue allows remote authenticated administrators to execute arbitrary SQL commands. This can be achieved via the cat parameter to "albmgr.php", and possibly the gid parameter to "usermgr.php", the start parameter to "db ecard.php", and the albumid parameter to unspecified files. The filename to title and del titles functions are also related to this issue.

Recommendations For Coppermine Photo Gallery versions 1.4.10 and earlier, consider disabling access to the "albmgr.php" and "usermgr.php" files until a patch is available. Restrict the use of the cat, gid, start, and albumid parameters in the affected API endpoints to minimize the risk of exploitation. Avoid using the filename to title and del titles functions until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.