CVE-2008-6789
Published 2009-05-04
Priority: P432, medium, 5.1 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.93% (56.0th percentile)
SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| minddezign | photo_gallery | — | — |
No detection rules found.
Exploit-DB
CVE-2008-6790: MindDezign Photo Gallery 2.2 - Arbitrary Add Admin
exploitdb · 2008-10-23
---
#!/usr/bin/perl
#=============================================================
# MindDezign Photo 2.2 Gallery Arbitrary Add Admin Exploit
#=============================================================
#
#AUTHOR : CWH Underground
#DATE : 23 October 2008
#SITE : cwh.citec.us
#
#
#####################################################
#APPLICATION : MindDezign Photo Gallery
#VERSION : 2.2
#DOWNLOAD : http://gallery.minddezign.com/?module=download
##########
Exploit-DB
CVE-2008-6789: MindDezign Photo Gallery 2.2 - SQL Injection
exploitdb · 2008-10-23
---
MindDezign Photo Gallery 2.2 (index.php id) Remote SQL Injection Vulnerability
AUTHOR : CWH Underground
DATE : 23 October 2008
SITE : cwh.citec.us
#####################################################
APPLICATION : MindDezign Photo Gallery
VERSION : 2.2
DOWNLOAD : http://gallery.minddezign.com/?module=download
#####################################################
--- Remote SQL Injection ---
** Magic Quote must turn off **
[+] Vulnerable in index.php (id)
Exploit
[+] ht
No writeups or analysis indexed.
References:
http://secunia.com/advisories/32358
https://exchange.xforce.ibmcloud.com/vulnerabilities/46075
https://exchange.xforce.ibmcloud.com/vulnerabilities/50344
https://www.exploit-db.com/exploits/6820
Published: 2009-05-04