CVE-2008-2700

Galatolo WebManager 1.0 - SQL Injection via view.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-2700. PoCs published by Stack.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Galatolo WebManager 1.0 to extract admin credentials. It crafts a malicious SQL query via the 'id' parameter in view.php to retrieve the username and password hash.

Description

SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · perlwebappsphp

https://www.exploit-db.com/exploits/5760

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Galatolo WebManager 1.0 to extract admin credentials. It crafts a malicious SQL query via the 'id' parameter in view.php to retrieve the username and password hash.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Galatolo WebManager 1.0

No auth needed

Prerequisites: Target URL with vulnerable Galatolo WebManager installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/46443

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/42934

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/5760

Scores

EPSS 0.0100

EPSS Percentile 58.2%

Details

CWE

CWE-89

Status published

Products (1)

gwm/galatolo_webmanager 1.0

Published Jun 13, 2008

Tracked Since Feb 18, 2026