CVE-2010-2714

TCW PHP Album 1.0 - SQL Injection via Album Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-2714. PoCs published by L0rd CrusAd3r.

AI-analyzed exploit summary This is a technical writeup describing multiple vulnerabilities (SQLi, XSS, URL redirection, HTML injection) in TCW PHP Album version 1. It provides demo URLs but lacks functional exploit code.

Description

SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by L0rd CrusAd3r · textwebappsphp

https://www.exploit-db.com/exploits/14203

View Code ZIP pw:eip

This is a technical writeup describing multiple vulnerabilities (SQLi, XSS, URL redirection, HTML injection) in TCW PHP Album version 1. It provides demo URLs but lacks functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Other

Complexity

Trivial

Reliability

Theoretical

Target: TCW PHP Album version 1

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/41382

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/60079

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1696

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/14203

Scores

EPSS 0.0097

EPSS Percentile 57.3%

Details

CWE

CWE-89

Status published

Products (1)

tcwonline/tcw_php_album 1.0

Published Jul 13, 2010

Tracked Since Feb 18, 2026