CVE-2000-0125

wwwthreads - SQL Injection via Numeric Data or Table Names

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0125. PoCs published by rain forest puppy.

AI-analyzed exploit summary This exploit leverages SQL injection in WWWThreads by manipulating numeric parameters to elevate a user's privileges to Administrator. It sends a crafted HTTP GET request to update the user's status and security level in the database.

Description

wwwthreads does not properly cleanse numeric data or table names that are passed to SQL queries, which allows remote attackers to gain privileges for wwwthreads forums.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rain forest puppy · perlremotecgi

https://www.exploit-db.com/exploits/19741

View Code ZIP pw:eip

This exploit leverages SQL injection in WWWThreads by manipulating numeric parameters to elevate a user's privileges to Administrator. It sends a crafted HTTP GET request to update the user's status and security level in the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WWWThreads (version not specified)

No auth needed

Prerequisites: Network access to the target WWWThreads instance · Knowledge of a valid username and password hash

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10002031027120.15921-100000%40eight.wiretrip.net

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/967

Scores

EPSS 0.0555

EPSS Percentile 91.8%

Details

Status published

Products (1)

wired_community_software/wwwthreads

Published Feb 03, 2000

Tracked Since Feb 18, 2026