EIP-2026-107907

PRE-CVE

Invision Gallery 2.0.7 - 'index.php?IMG' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107907. PoCs published by infection.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Invision Gallery by injecting a malicious SQL query via the 'img' parameter. The payload uses BENCHMARK functions to cause a denial-of-service (DoS) by overloading the database with computationally intensive operations.

Description

Invision Gallery 2.0.7 - 'index.php?IMG' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by infection · textwebappsphp
https://www.exploit-db.com/exploits/29205

This exploit demonstrates an SQL injection vulnerability in Invision Gallery by injecting a malicious SQL query via the 'img' parameter. The payload uses BENCHMARK functions to cause a denial-of-service (DoS) by overloading the database with computationally intensive operations.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Invision Gallery (version not specified)
No auth needed
Prerequisites: Access to the vulnerable Invision Gallery web application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026