CVE-2008-4778

Koobi CMS 4.3.0 - SQL Injection via Gallery Module galid Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-4778. PoCs published by JosS, S@BUN.

AI-analyzed exploit summary This exploit demonstrates multiple SQL injection vulnerabilities in Koobi CMS versions 4.3.0, 4.2.5, and 4.2.4. It provides specific URLs and payloads to extract admin credentials from the database.

Description

SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 allows remote attackers to execute arbitrary SQL commands via the galid parameter in a showimages action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by JosS · textwebappsphp

https://www.exploit-db.com/exploits/5447

View Code ZIP pw:eip

This exploit demonstrates multiple SQL injection vulnerabilities in Koobi CMS versions 4.3.0, 4.2.5, and 4.2.4. It provides specific URLs and payloads to extract admin credentials from the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Koobi CMS 4.3.0, 4.2.5, 4.2.4

No auth needed

Prerequisites: Target running vulnerable Koobi CMS version · Network access to the target

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by S@BUN · textwebappsphp

https://www.exploit-db.com/exploits/5414