SQL injection vulnerability in upload.php in Coppermine Photo Gallery (CPG) 1.4.16 and earlier allows remote authenticated users or user-assisted remote HTTP servers to execute arbitrary SQL commands via the Content-Type HTTP response header provided by the HTTP server that is used for an upload.
Software | From | Fixed in |
---|---|---|
coppermine / coppermine_photo_gallery | - | 1.4.16.x |
coppermine / coppermine_photo_gallery | 1.4 | 1.4.x |
coppermine / coppermine_photo_gallery | 1.4.1 | 1.4.1.x |
coppermine / coppermine_photo_gallery | 1.4.10 | 1.4.10.x |
coppermine / coppermine_photo_gallery | 1.4.11 | 1.4.11.x |
coppermine / coppermine_photo_gallery | 1.4.12 | 1.4.12.x |
coppermine / coppermine_photo_gallery | 1.4.13 | 1.4.13.x |
coppermine / coppermine_photo_gallery | 1.4.14 | 1.4.14.x |
coppermine / coppermine_photo_gallery | 1.4.2 | 1.4.2.x |
coppermine / coppermine_photo_gallery | 1.4.3 | 1.4.3.x |
coppermine / coppermine_photo_gallery | 1.4.4 | 1.4.4.x |
coppermine / coppermine_photo_gallery | 1.4.5 | 1.4.5.x |
coppermine / coppermine_photo_gallery | 1.4.6 | 1.4.6.x |
coppermine / coppermine_photo_gallery | 1.4.7 | 1.4.7.x |
coppermine / coppermine_photo_gallery | 1.4.8 | 1.4.8.x |
coppermine / coppermine_photo_gallery | 1.4.9 | 1.4.9.x |