CVE-2004-2350

phpBB 1.0-2.0.6 - SQL Injection via search_results Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2350. PoCs published by pokleyzz.

AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in phpBB 2.0.6's search.php script, allowing an attacker to extract user password hashes by manipulating SQL queries through unsanitized input. It uses cURL to automate the attack and brute-force character extraction.

Description

SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.

Exploits (1)

exploitdb · Working PoC · Verified
by pokleyzz · php · webapps · php
https://www.exploit-db.com/exploits/23821

Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: phpBB 2.0.6
No auth needed
Prerequisites: PHP 4.x with cURL extension · Target URL · Username · Topic ID
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9883
Exploit, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/357442
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15475

Scores

EPSS: 0.0121
EPSS Percentile: 64.6%

Details

Status: published
Products (19)
phpbb_group/phpbb 1.0.0
phpbb_group/phpbb 1.2.0
phpbb_group/phpbb 1.2.1
phpbb_group/phpbb 1.4.0
phpbb_group/phpbb 1.4.1
phpbb_group/phpbb 1.4.2
phpbb_group/phpbb 1.4.4
phpbb_group/phpbb 2.0.0
phpbb_group/phpbb 2.0.1
phpbb_group/phpbb 2.0.2
... and 9 more
Published Dec 31, 2004
Tracked Since Feb 18, 2026