CVE-2006-5140

Lappy512 PHP Krazy Image Host Script 0.7a - SQL Injection

Title source: llm

Description

SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Trex · phpwebappsphp

https://www.exploit-db.com/exploits/2456

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/20270

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/29270

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2456

Scores

EPSS 0.0168

EPSS Percentile 82.2%

Details

Status published

Products (1)

lappy512/php_krazy_image_host_script 0.7a

Published Oct 03, 2006

Tracked Since Feb 18, 2026