CVE-2008-6789

MindDezign Photo Gallery 2.2 - SQL Injection via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-6789. PoCs published by CWH Underground.

AI-analyzed exploit summary This exploit leverages an SQL injection vulnerability in MindDezign Photo Gallery 2.2 to bypass authentication and add an arbitrary administrator account. It uses a crafted SQL query to log in as admin and then sends a POST request to create a new admin user.

Description

SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action to the admin module in index.php, a different vector than CVE-2008-6788.

Exploits (2)

exploitdb WORKING POC VERIFIED
by CWH Underground · perlwebappsphp
https://www.exploit-db.com/exploits/6820

This exploit leverages an SQL injection vulnerability in MindDezign Photo Gallery 2.2 to bypass authentication and add an arbitrary administrator account. It uses a crafted SQL query to log in as admin and then sends a POST request to create a new admin user.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: MindDezign Photo Gallery 2.2
No auth needed
Prerequisites: magic_quotes_gpc = off · target URL · desired username and password
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by CWH Underground · textwebappsphp
https://www.exploit-db.com/exploits/6819

This exploit demonstrates a SQL injection vulnerability in MindDezign Photo Gallery 2.2 via the 'id' parameter in index.php. It bypasses authentication by injecting a UNION-based query to extract admin credentials from the database.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: MindDezign Photo Gallery 2.2
No auth needed
Prerequisites: Magic Quotes must be turned off
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/46075
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/32358
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/6820
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50344

Scores

EPSS 0.0093
EPSS Percentile 55.7%

Details

CWE
CWE-89
Status published
Products (1)
minddezign/photo_gallery 2.2
Published May 04, 2009
Tracked Since Feb 18, 2026