CVE-2008-6788
published 2009-05-04
CVE-2008-6788: SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via…
Priority P432 · medium · 5.1 CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 0.92% (55.8th percentile)
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| minddezign | photo_gallery | — | — |
GHSA
GHSA-g3j2-5wrp-398x: SQL injection vulnerability in MindDezign Photo Gallery 2
ghsa_unreviewed·2022-05-17·CVSS 5.1
CVE-2008-6789 [MEDIUM] CWE-89 GHSA-g3j2-5wrp-398x: SQL injection vulnerability in MindDezign Photo Gallery 2
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
GHSA
GHSA-5w8v-fvq8-mrqq: SQL injection vulnerability in MindDezign Photo Gallery 2
ghsa_unreviewed·2022-05-17
CVE-2008-6788 [MEDIUM] CWE-89 GHSA-5w8v-fvq8-mrqq: SQL injection vulnerability in MindDezign Photo Gallery 2
SQL injection vulnerability in MindDezign Photo Gallery 2.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in an info action to index.php.
No detection rules found.
Exploit-DB
MindDezign Photo Gallery 2.2 - Arbitrary Add Admin
exploitdb·2008-10-23
CVE-2008-6790 MindDezign Photo Gallery 2.2 - Arbitrary Add Admin
---
#!/usr/bin/perl
#=============================================================
# MindDezign Photo 2.2 Gallery Arbitrary Add Admin Exploit
#=============================================================
#
#AUTHOR : CWH Underground
#DATE : 23 October 2008
#SITE : cwh.citec.us
#
#
#####################################################
#APPLICATION : MindDezign Photo Gallery
#VERSION : 2.2
#DOWNLOAD : http://gallery.minddezign.com/?module=download
##########
Exploit-DB
MindDezign Photo Gallery 2.2 - SQL Injection
exploitdb·2008-10-23
CVE-2008-6789 MindDezign Photo Gallery 2.2 - SQL Injection
---
MindDezign Photo Gallery 2.2 (index.php id) Remote SQL Injection Vulnerability
AUTHOR : CWH Underground
DATE : 23 October 2008
SITE : cwh.citec.us
#####################################################
APPLICATION : MindDezign Photo Gallery
VERSION : 2.2
DOWNLOAD : http://gallery.minddezign.com/?module=download
#####################################################
--- Remote SQL Injection ---
** Magic Quote must turn off **
[+] Vulnerable in index.php (id)
Exploit
[+] ht
No writeups or analysis indexed.
http://osvdb.org/49266
http://secunia.com/advisories/32358
http://www.securityfocus.com/bid/31893
https://exchange.xforce.ibmcloud.com/vulnerabilities/46075
https://www.exploit-db.com/exploits/6819
Published: 2009-05-04