CVE-2010-2335

Yamamah - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to execute arbitrary SQL commands via the news parameter.

Exploits (2)

exploitdb WORKING POC

by anT!-Tr0J4n · textwebappsphp

https://www.exploit-db.com/exploits/13845

View Code ZIP pw:eip

exploitdb WRITEUP

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/11947

View Code ZIP pw:eip

References (2)

[Exploit] http://www.exploit-db.com/exploits/13845

[Patch, Vendor Advisory] http://www.yamamah.org/home/?page=39

Scores

EPSS 0.0037

EPSS Percentile 58.5%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

yamamah/yamamah

Timeline

Published Jun 18, 2010

Tracked Since Feb 18, 2026