CVE-2008-6990

ezphotogallery 2.1 - SQL Injection via Gallery Password Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6990. PoCs published by Khashayar Fereidani.

AI-analyzed exploit summary This Perl script exploits multiple vulnerabilities in Ezphotogallery 2.1, including SQL injection for credential extraction and file disclosure. It demonstrates functional exploit code for CVE-2008-6988.

Description

SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Khashayar Fereidani · perlwebappsphp

https://www.exploit-db.com/exploits/6428

View Code ZIP pw:eip

This Perl script exploits multiple vulnerabilities in Ezphotogallery 2.1, including SQL injection for credential extraction and file disclosure. It demonstrates functional exploit code for CVE-2008-6988.

Classification

Working Poc 95%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Ezphotogallery 2.1

No auth needed

Prerequisites: Target URL with vulnerable Ezphotogallery installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/31774

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/48315

Scores

EPSS 0.0091

EPSS Percentile 55.1%

Details

CWE

CWE-89

Status published

Products (1)

ezphotogallery/ezphotogallery 2.1

Published Aug 19, 2009

Tracked Since Feb 18, 2026