CVE-2005-0271

ReviewPost PHP Pro < 2.84 - SQL Injection via showcat.php cat Parameter or addfav.php product Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-0271.

AI-analyzed exploit summary: This advisory details multiple vulnerabilities in ReviewPost <= 2.84, including XSS, SQL injection, and arbitrary file upload flaws. It provides specific exploit paths and technical descriptions but lacks functional exploit code.

Description

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showcat.php or (2) product parameter to addfav.php.

Exploits (1)

exploitdb WRITEUP
webapps php
https://www.exploit-db.com/exploits/43821


Classification: Writeup 95%
Attack Type: XSS | SQLi | Other
Complexity: Moderate
Reliability: Theoretical
Target: ReviewPost <= 2.84
No auth needed
Prerequisites: Access to vulnerable ReviewPost instance
devstral-2 · analyzed Feb 19, 2026

References (4)

Core References
Exploit, Patch, Vendor Advisory x_refsource_misc
http://www.gulftech.org/?node=research&article_id=00062-01022005
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18732
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/13697/
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110485682424110&w=2

Scores

EPSS 0.0123
EPSS Percentile 64.9%

Details

Status published
Products (3)
photopost/reviewpost_php_pro 1.0.2
photopost/reviewpost_php_pro 2.5
photopost/reviewpost_php_pro < 2.5.1
Published Jan 03, 2005
Tracked Since Feb 18, 2026