EIP-2026-107906

PRE-CVE

Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107906. PoCs published by ShadOS.

AI-analyzed exploit summary: This exploit targets Invision Gallery 2.0.7, leveraging a ReadFile() vulnerability for arbitrary file disclosure and an SQL injection flaw to extract sensitive data from the database. It constructs HTTP requests to exploit these vulnerabilities and parses the responses to display the results.

Description

Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by ShadOS · cwebappsphp
https://www.exploit-db.com/exploits/2527

Classification: Working PoC 95%
Attack Type: SQLi | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Invision Gallery 2.0.7
No auth needed
Prerequisites: Network access to the target application · Knowledge of the target's path structure for file disclosure · Member ID and database prefix for SQL injection
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026