CVE-2008-6989

Ezphotogallery - SQL Injection

Title source: rule

Description

SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Khashayar Fereidani · perlwebappsphp

https://www.exploit-db.com/exploits/6428

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/31774

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/6428

[Third Party Advisory, VDB Entry] http://www.osvdb.org/48315

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/496220/100/0/threaded

Scores

EPSS 0.0034

EPSS Percentile 56.6%

Details

CWE

CWE-89

Status published

Products (1)

ezphotogallery/ezphotogallery 2.1

Published Aug 19, 2009

Tracked Since Feb 18, 2026