Loading
Generated remediation guidance and an executive summary. No account required.
SQL injection vulnerability in the session handling functionality in bridge/coppermine.inc.php in Coppermine Photo Gallery (CPG) 1.4.17 and earlier allows remote attackers to execute arbitrary SQL commands via an input field associated with the session_id variable, as exploited in the wild in April 2008. NOTE: the fix for CVE-2008-1840 was intended to address this vulnerability, but is actually inapplicable.
Use CWE-89, Coppermine vendor hub and Coppermine Photo Gallery product page to widen CVE-2008-1841 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2007-1414, CVE-2007-4283 and CVE-2007-3558 for nearby disclosures in the same product family.