Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-2338. PoCs published by sbz.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Galette versions prior to 0.7.x. The provided URIs show how an attacker can extract database information, such as version and table names, by manipulating the 'id_adh' parameter in the 'picture.php' script.
Description
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to picture.php.
Exploits (1)
This exploit demonstrates an SQL injection vulnerability in Galette versions prior to 0.7.x. The provided URIs show how an attacker can extract database information, such as version and table names, by manipulating the 'id_adh' parameter in the 'picture.php' script.