CVE-2008-6488

SoftComplex PHP Image Gallery 1.0 - SQL Injection via Admin Field in Login Action

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6488. PoCs published by Cyber-Zone, Hussin X.

AI-analyzed exploit summary This is a writeup describing an authentication bypass and SQL injection vulnerability in Softcomplex PHP Image Gallery v1.0. It provides a method to bypass admin login using SQL injection.

Description

SQL injection vulnerability in index.php in SoftComplex PHP Image Gallery 1.0 allows remote attackers to execute arbitrary SQL commands via the Admin field in a login action.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Cyber-Zone · textwebappsphp

https://www.exploit-db.com/exploits/7021

View Code ZIP pw:eip

This is a writeup describing an authentication bypass and SQL injection vulnerability in Softcomplex PHP Image Gallery v1.0. It provides a method to bypass admin login using SQL injection.

Classification

Writeup 90%

Attack Type

Sqli | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Softcomplex PHP Image Gallery v1.0

No auth needed

Prerequisites: Access to the login page of the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Hussin X · textwebappsphp

https://www.exploit-db.com/exploits/7026

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in SoftComplex PHP Image Gallery by manipulating the 'ctg' parameter to extract user credentials (login and password) from the database. The payload uses a UNION-based SQL injection to concatenate and display sensitive data.

Classification

Working Poc 90%

Attack Type

Sqli