CVE-2010-1300

Yamamah (Dove Photo Album) 1.00 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in Yamamah (aka Dove Photo Album) 1.00 allows remote attackers to execute arbitrary SQL commands via the calbums parameter.

Exploits (4)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/13845

View on exploitdb

exploitdb WRITEUP

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/11947

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by TheMaStEr · textwebappsphp

https://www.exploit-db.com/exploits/13849

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by CoBRa_21 · textwebappsphp

https://www.exploit-db.com/exploits/13857

View Code ZIP pw:eip

References (9)

[Exploit] http://packetstormsecurity.org/1003-exploits/yamamah-sql.txt

[Vendor Advisory] http://secunia.com/advisories/39205

[Exploit] http://www.exploit-db.com/exploits/11947

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/57415

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/39690

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/13849

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/13857

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/59404

[Third Party Advisory, VDB Entry] http://osvdb.org/63344

Scores

EPSS 0.0382

EPSS Percentile 87.9%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

yamamah/yamamah

Timeline

Published Apr 07, 2010

Tracked Since Feb 18, 2026