CVE-2007-6578

PHP ZLink 0.3 - SQL Injection via id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6578. PoCs published by DNX.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in PHP ZLink v0.3 via the 'id' parameter in go.php. It extracts admin credentials by injecting a UNION-based SQL query to concatenate and retrieve username/password pairs from the 'admin' table.

Description

SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by DNX · perlwebappsphp

https://www.exploit-db.com/exploits/4774

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in PHP ZLink v0.3 via the 'id' parameter in go.php. It extracts admin credentials by injecting a UNION-based SQL query to concatenate and retrieve username/password pairs from the 'admin' table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP ZLink v0.3

No auth needed

Prerequisites: Target must be running PHP ZLink v0.3 · The 'go.php' script must be accessible · The 'admin' table must exist with expected schema

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/39762

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39231

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4774

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26997

Scores

EPSS 0.0101

EPSS Percentile 58.4%

Details

CWE

CWE-89

Status published

Products (1)

zeak.net/php_zlink 0.3

Published Dec 28, 2007

Tracked Since Feb 18, 2026