Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Information
Name : CVE-2008-1841
First vendor Publication : 2008-04-16
Vendor : Cve
Last vendor Modification : 2017-08-07

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score : 6.8
Cvss Impact Score : 6.4
Cvss Exploit Score : 8.6
Attack Range : Network
Attack Complexity : Medium
Authentication : None Required

Security Protection

Impacts : Provides unauthorized access; Allows partial confidentiality, integrity, and availability violation; Allows unauthorized disclosure of information; Allows disruption of service.

Detail

SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1841

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-89
Name : Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application22

Open Source Vulnerability Database (OSVDB)

id : 44341
Description : Coppermine Photo Gallery bridge/coppermine.inc.php Bridge Wizard Session Cook...

Nessus® Vulnerability Scanner

Date : 2008-04-14
Name : The remote web server contains a PHP application that is prone to a SQL injec...
File : coppermine_bridgemgr_sql_injection.nasl - Type : ACT_ATTACK

Sources (Detail)

BID : http://www.securityfocus.com/bid/28767
CONFIRM : http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge...
CONFIRM : http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge...
CONFIRM : http://forum.coppermine-gallery.net/index.php/topic,51882.0.html
CONFIRM : http://sourceforge.net/project/shownotes.php?group_id=89658&release_id=59...
XF : https://exchange.xforce.ibmcloud.com/vulnerabilities/41788

Alert History

2017-08-08 09:24:02 : Multiple Updates
2016-04-26 17:19:24 : Multiple Updates
2014-02-17 10:44:43 : Multiple Updates
2013-05-11 00:15:23 : Multiple Updates