CVE-2010-1365

Uiga Fan Club - SQL Injection via id Parameter in photos Action

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1365. PoCs published by Sioma Labs, Easy Laster.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Uiga Fan Club software, allowing an attacker to extract admin credentials via a crafted URL parameter. The example provided uses a UNION-based SQLi to dump the admin table.

Description

SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Sioma Labs · textwebappsphp

https://www.exploit-db.com/exploits/11837

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Uiga Fan Club software, allowing an attacker to extract admin credentials via a crafted URL parameter. The example provided uses a UNION-based SQLi to dump the admin table.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Uiga Fan Club (version not specified)

No auth needed

Prerequisites: Target must be running Uiga Fan Club software · The 'view' parameter must be accessible and vulnerable

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Easy Laster · textwebappsphp

https://www.exploit-db.com/exploits/11600