CVE-2007-4053

LinPHA < 1.3.1 - SQL Injection via Order Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4053. PoCs published by EgiX.

AI-analyzed exploit summary: This exploit demonstrates a blind SQL injection vulnerability in LinPHA <= 1.3.1 via the 'order' parameter in new_images.php. It uses the BENCHMARK() function to extract admin credentials through timing-based attacks.

Description

SQL injection vulnerability in include/img_view.class.php in LinPHA 1.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the order parameter to new_images.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by EgiX · php · webapps · php
https://www.exploit-db.com/exploits/4242

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: LinPHA <= 1.3.1
No auth needed
Prerequisites: MySQL version >= 4.1 (subqueries support) · Access to the new_images.php endpoint
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26259
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2692
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4242
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/36286
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25119
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35674

Scores

EPSS 0.0251
EPSS Percentile 82.7%

Details

Status published
Products (1)
linpha/linpha < 1.3.1
Published Jul 30, 2007
Tracked Since Feb 18, 2026