CVE-2007-3881

Pictures Rating - SQL Injection via msgid Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3881. PoCs published by t0pP8uZz.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the 'Pictures Rating' script, allowing an attacker to extract admin and member credentials via UNION-based SQLi. The PoC provides direct URLs to leak database information, including usernames, passwords, and email addresses.

Description

SQL injection vulnerability in index.php in Pictures Rating (Picture Rating) allows remote attackers to execute arbitrary SQL commands via the msgid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by t0pP8uZz · textwebappsphp

https://www.exploit-db.com/exploits/4191

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in the 'Pictures Rating' script, allowing an attacker to extract admin and member credentials via UNION-based SQLi. The PoC provides direct URLs to leak database information, including usernames, passwords, and email addresses.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Pictures Rating script (version unspecified)

No auth needed

Prerequisites: Target must be running the vulnerable 'Pictures Rating' script · Attacker must be able to send HTTP requests to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4191

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39144

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/24945

Scores

EPSS 0.0101

EPSS Percentile 58.5%

Details

Status published

Products (1)

pictures_rating/pictures_rating

Published Jul 18, 2007

Tracked Since Feb 18, 2026