CVE-2008-1841 (GCVE-0-2008-1841)
Vulnerability from cvelistv5
Published
2008-04-16 17:00
Modified
2024-08-07 08:40
Severity ?
CWE
  • n/a
Summary
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:40:59.593Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "28767",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/28767"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
          },
          {
            "name": "coppermine-coppermineinc-sql-injection(41788)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
          },
          {
            "name": "29741",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29741"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008.  NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "28767",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/28767"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
        },
        {
          "name": "coppermine-coppermineinc-sql-injection(41788)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
        },
        {
          "name": "29741",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29741"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1841",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008.  NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "28767",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/28767"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069"
            },
            {
              "name": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html",
              "refsource": "CONFIRM",
              "url": "http://forum.coppermine-gallery.net/index.php/topic,51882.0.html"
            },
            {
              "name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381",
              "refsource": "CONFIRM",
              "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381"
            },
            {
              "name": "coppermine-coppermineinc-sql-injection(41788)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41788"
            },
            {
              "name": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log",
              "refsource": "CONFIRM",
              "url": "http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log"
            },
            {
              "name": "29741",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29741"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1841",
    "datePublished": "2008-04-16T17:00:00",
    "dateReserved": "2008-04-16T00:00:00",
    "dateUpdated": "2024-08-07T08:40:59.593Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1841\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-04-16T17:05:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008.  NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de inyecci\u00f3n SQL en la funcionalidad de manejo de sesi\u00f3n en bridge/coppermine.inc.php de Coppermine Photo Gallery (CPG) 1.4.17 y versiones anteriores permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de un campo de entrada asociado con la variable session_id, tal y como se realiza en exploits p\u00fablicos desde Abril del 2008.\\r\\nNOTA: el parche para CVE-2008-1840 ten\u00eda el prop\u00f3sito de abordar esta vulnerabilidad, pero es actualmente inaplicable.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650302F-3CE7-43FB-A125-E753053BCE38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.0rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04F386E8-4F1F-498A-93A9-5F69E70BF131\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6BBC5F9-1E40-47FF-9371-FD0C7A9458D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36144FFF-3FC8-4C73-9FD1-3AA870BFF85A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6C04B35-6E90-4348-A954-02972BBBD0B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DD2CA54-6534-4A4F-9667-8A594B7E43CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFF90F7F-070C-4ABE-8F94-7192F18B1A9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E82C8348-DA66-4F92-A6B9-2F150AEF5E0F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA317DD-C804-4349-9BDC-B23FAE493516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3BB681-16F8-441F-912C-9488791A6420\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"709BC7EC-6EAB-4880-B210-F6E154FF7CB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5C614B6-4BC6-4F77-8D4E-9EBDC69B396C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC4E2E91-3BDD-4308-A7FB-6C0EB6F3E115\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"492C36B4-FB91-4B29-A3B6-0BFF3EF01A87\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D7A89B92-8323-4240-80CE-102070202A09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1BCC40D-EF9C-4843-9183-EA725C9C03FA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0D02234-2729-499B-A686-F1F85401FEDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E21C42CB-86B1-4EC1-A508-809316F83CC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6626384-FA55-4B87-801B-554B9E7EC1F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84687B6F-B1A1-4CE0-A199-40CAF3D293C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06A2C9AC-7A77-4EE5-9F12-BD203FE08108\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:coppermine:coppermine_photo_gallery:1.4.17:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"50DB1549-0A92-4A3A-AAC1-931B0E394647\"}]}]}],\"references\":[{\"url\":\"http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29741\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/28767\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41788\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?r1=4380\u0026r2=4381\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://coppermine.svn.sourceforge.net/viewvc/coppermine/trunk/cpg1.4.x/bridge/coppermine.inc.php?view=log\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://forum.coppermine-gallery.net/index.php/topic%2C51882.0.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29741\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://sourceforge.net/project/shownotes.php?group_id=89658\u0026release_id=592069\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/28767\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/41788\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.