CVE-2008-6989

ezphotogallery 2.1 - SQL Injection via gallery.php Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6989. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This Perl script exploits multiple vulnerabilities in Ezphotogallery 2.1, including SQL injection for credential extraction and file disclosure. It demonstrates functional exploit code for CVE-2008-6988.

Description

SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Khashayar Fereidani · perlwebappsphp

https://www.exploit-db.com/exploits/6428

View Code ZIP pw:eip

This Perl script exploits multiple vulnerabilities in Ezphotogallery 2.1, including SQL injection for credential extraction and file disclosure. It demonstrates functional exploit code for CVE-2008-6988.

Classification

Working Poc 95%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Ezphotogallery 2.1

No auth needed

Prerequisites: Target URL with vulnerable Ezphotogallery installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31774

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/6428

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/48315

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/496220/100/0/threaded

Scores

EPSS 0.0101

EPSS Percentile 58.5%

Details

CWE

CWE-89

Status published

Products (1)

ezphotogallery/ezphotogallery 2.1

Published Aug 19, 2009

Tracked Since Feb 18, 2026