CVE-2005-0305

Siteman <= 1.1.10 - CRLF Injection via Users.php Line Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-0305. PoCs published by amironline452, Noam Rathaus.

Description

CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.

Exploits (2)

exploitdb WORKING POC VERIFIED
by amironline452 · html · webapps · php
https://www.exploit-db.com/exploits/25053

This exploit demonstrates a privilege escalation vulnerability in Siteman 1.1.10 and prior by injecting malicious data into the user database file via a URI parameter. The attacker can corrupt the database to gain administrative privileges (Member Level 5).

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Siteman 1.1.10 and prior
No auth needed
Prerequisites: Access to the target application's user registration or profile update functionality
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Noam Rathaus · perl · webapps · php
https://www.exploit-db.com/exploits/25052

This exploit leverages insufficient input sanitization in Siteman's user database file handling to inject malicious data via a URI parameter, allowing privilege escalation to administrative access. The PoC sends a crafted POST request to corrupt the user database file.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Siteman 1.1.10 and prior
No auth needed
Prerequisites: Network access to the target Siteman application · Knowledge of the target path and host
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/13131
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1012951
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110627350616949&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/12304
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/18998
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=110643320814371&w=2

Scores

EPSS 0.0785
EPSS Percentile 93.9%

Details

Status published
Products (2)
siteman/siteman 1.1.9
siteman/siteman 1.1.10
Published May 02, 2005
Tracked Since Feb 18, 2026