CVE-2008-0421

Invision Gallery < 2.0.7 - SQL Injection via Album Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-0421. PoCs published by RST/GHC.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Invision Gallery <= 2.0.7, allowing attackers to extract database information and create a new admin account. It features a GUI for user interaction and automates the exploitation process.

Description

SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in a rate command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RST/GHC · perlwebappsphp

https://www.exploit-db.com/exploits/4966

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Invision Gallery <= 2.0.7, allowing attackers to extract database information and create a new admin account. It features a GUI for user interaction and automates the exploitation process.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Invision Gallery <= 2.0.7

No auth needed

Prerequisites: Network access to the target application · Knowledge of the database table prefix

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/4966

Scores

EPSS 0.0092

EPSS Percentile 55.7%

Details

CWE

CWE-89

Status published

Products (1)

invision_power_services/invision_gallery < 2.0.7

Published Jan 23, 2008

Tracked Since Feb 18, 2026