Coppermine Photo Gallery Favs SQL Injection Vulnerability

Bugtraq ID:	13287
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 20 2005 12:00AM
Updated:	Apr 20 2005 12:00AM
Credit:	Janek Vind <[email protected]> is credited with the discovery of this vulnerability.
Vulnerable:	Coppermine Photo Gallery 1.3.2
Not Vulnerable:	Coppermine Photo Gallery 1.3.3

Coppermine Photo Gallery Favs SQL Injection Vulnerability

Coppermine is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Coppermine Photo Gallery Favs SQL Injection Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Coppermine Photo Gallery Favs SQL Injection Vulnerability

Solution:
The vendor has addressed this issue in Coppermine Photo Gallery version 1.3.3.


Coppermine Photo Gallery 1.3.2

• Coppermine cpg1.3.3.zip
  http://prdownloads.sourceforge.net/coppermine/cpg1.3.3.zip?download

Coppermine Photo Gallery Favs SQL Injection Vulnerability

References:

• Coppermine Photo Gallery Homepage (Coppermine Photo Gallery)
  
• [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3. (Janek Vind )