CVE-2007-6362

RSGallery <= 2.0 beta 5 - SQL Injection


Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6362. PoCs published by K-159.

AI-analyzed exploit summary: This is a SQL injection exploit for the rsgallery component in Joomla/Mambo. It targets the 'catid' parameter to extract user credentials (username and password hashes) from the database when magic_quotes is disabled.

Description

SQL injection vulnerability in index.php in the RSGallery (com_rsgallery) 2.0 beta 5 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in an inline page action.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by K-159 · text · webapps · php
https://www.exploit-db.com/exploits/4691

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: rsgallery <= 2.0 beta 5 (Joomla/Mambo component)
Authentication: No auth needed
Prerequisites: magic_quotes disabled in PHP configuration · target running vulnerable rsgallery component
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/4691
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_bid
http://www.securityfocus.com/bid/26704
Third Party Advisory, VDB Entry · mailing-list · x_refsource_bugtraq
http://www.securityfocus.com/archive/1/484606/100/100/threaded

Scores

EPSS 0.0207
EPSS Percentile 78.9%

Details

CWE: CWE-89
Status: published
Products (1): joomla/rs_gallery2 beta_5
Published: Dec 15, 2007
Tracked Since: Feb 18, 2026