CVE-2010-1300

Yamamah (Dove Photo Album) 1.00 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 4 public exploits for CVE-2010-1300. PoCs published by CoBRa_21, TheMaStEr, indoushka.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Yamamah Photo Gallery 1.00, allowing an attacker to extract admin credentials via a crafted UNION-based SQL query.

Description

SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.

Exploits (4)

exploitdb WORKING POC VERIFIED
by CoBRa_21 · textwebappsphp
https://www.exploit-db.com/exploits/13857

This exploit demonstrates a SQL injection vulnerability in Yamamah Photo Gallery 1.00, allowing an attacker to extract admin credentials via a crafted UNION-based SQL query.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Yamamah Photo Gallery 1.00
No auth needed
Prerequisites: Target application must be accessible · SQL injection vulnerability must be present
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by TheMaStEr · textwebappsphp
https://www.exploit-db.com/exploits/13849

This is a writeup describing a SQL injection vulnerability in Yamamah 1.0. It provides a proof-of-concept URL demonstrating blind SQL injection but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Yamamah 1.00
No auth needed
Prerequisites: A vulnerable instance of Yamamah 1.00
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/11947

The provided text describes multiple vulnerabilities in Yamamah Version 1.00, including a reinstallation of admin information and a blind SQL/XPath injection. It provides URLs to exploit these vulnerabilities but does not include executable code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Yamamah Version 1.00
No auth needed
Prerequisites: access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/13845

The exploit demonstrates SQL injection and local file inclusion vulnerabilities in Yamamah 1.00. It includes functional payloads for blind SQLi and file disclosure via the 'download' and 'news' parameters.

Classification
Working Poc 90%
Attack Type
Sqli | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Yamamah 1.00
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/39690
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/63344
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59404
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13857
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/57415
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/39205
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/11947
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/13849

Scores

EPSS 0.0191
EPSS Percentile 77.1%

Details

CWE
CWE-89
Status published
Products (1)
yamamah/yamamah 1.00
Published Apr 07, 2010
Tracked Since Feb 18, 2026