Exploitation Summary
EIP tracks 1 public exploit for CVE-2004-2218. PoCs published by Noam Rathaus.
AI-analyzed exploit summary This Perl script exploits an SQL injection vulnerability in a web application to elevate user privileges to administrative. It sends a crafted POST request with manipulated input to bypass authentication checks.
Description
SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Noam Rathaus · perlwebappsphp
https://www.exploit-db.com/exploits/406
This Perl script exploits an SQL injection vulnerability in a web application to elevate user privileges to administrative. It sends a crafted POST request with manipulated input to bypass authentication checks.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Unknown web application (likely a PHP-based system with SQL backend)
Auth required
Prerequisites:
Valid username and password · Network access to the target web application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Exploit, Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10942
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17005
Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-08/0207.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/8976
Patch mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2004-09/0247.html
Scores
EPSS
0.0244
EPSS Percentile
82.2%
Details
Status
published
Products (1)
phpmywebhosting/phpmywebhosting
< 0.3.4
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026