CVE-2007-0786

Noname Media Photo Galerie <1.1.1 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0786. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Photo Galerie Standard <= 1.1 via the 'id' parameter in view.php. It includes a proof-of-concept payload to read /etc/passwd using the MySQL load_file function.

Description

SQL injection vulnerability in view.php in Noname Media Photo Galerie Standard 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsphp

https://www.exploit-db.com/exploits/3261

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Photo Galerie Standard <= 1.1 via the 'id' parameter in view.php. It includes a proof-of-concept payload to read /etc/passwd using the MySQL load_file function.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Photo Galerie Standard <= 1.1

No auth needed

Prerequisites: target running Photo Galerie Standard <= 1.1 · view.php accessible

MITRE ATT&CK