CVE-2008-1840

Name of the Vulnerable Software and Affected Versions Coppermine Photo Gallery versions 1.4.16 and earlier

Description The issue allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands. This is achieved via the Content-Type HTTP response header provided by the HTTP server that is used for an upload, specifically targeting the upload.php file.

Recommendations For Coppermine Photo Gallery versions 1.4.16 and earlier, update to a version later than 1.4.16 to resolve the issue. As a temporary workaround, consider restricting access to the upload.php file to minimize the risk of exploitation.