CVE-2005-0725

WF-Sections 1.07 - SQL Injection via articleid Parameter

Title source: llm
Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-0725.

AI-analyzed exploit summary: This Perl script exploits a blind SQL injection vulnerability in XOOPS Module Zmagazine 1.0 via the 'print.php' file. It extracts admin credentials (username and password) from the 'xoops_users' table by injecting a crafted SQL query.

Description

SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php for WF-Sections (wfsections) 1.07 allows remote attackers to execute arbitrary SQL commands via the articleid parameter to article.php.

Exploits (3)

exploitdb WORKING POC
perl · webapps · php
https://www.exploit-db.com/exploits/3646

This Perl script exploits a blind SQL injection vulnerability in XOOPS Module Zmagazine 1.0 via the 'print.php' file. It extracts admin credentials (username and password) from the 'xoops_users' table by injecting a crafted SQL query.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: XOOPS Module Zmagazine 1.0
No auth needed
Prerequisites: Target must have XOOPS Module Zmagazine 1.0 installed · Target must be accessible via HTTP
devstral-2 · analyzed Feb 19, 2026

exploitdb WORKING POC
html · webapps · php
https://www.exploit-db.com/exploits/3645

This is a functional blind SQL injection exploit targeting XOOPS Module XFsection <= 1.07. It uses JavaScript to automate the extraction of the admin password by testing ASCII values of characters in the password.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: XOOPS Module XFsection <= 1.07
No auth needed
Prerequisites: Target must have XOOPS Module XFsection <= 1.07 installed · Target must be accessible via HTTP
devstral-2 · analyzed Feb 19, 2026

exploitdb WORKING POC
perl · webapps · php
https://www.exploit-db.com/exploits/3644

This Perl script exploits a blind SQL injection vulnerability in XOOPS Module WF-Section <= 1.01 via the 'articleid' parameter. It extracts admin credentials (username and password) from the 'xoops_users' table by crafting a malicious SQL query.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: XOOPS Module WF-Section <= 1.01
No auth needed
Prerequisites: Target must have XOOPS Module WF-Section <= 1.01 installed · Target must be accessible via HTTP
devstral-2 · analyzed Feb 19, 2026

References (2)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19660
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111049618519821&w=2

Scores

EPSS 0.0104
EPSS Percentile 59.3%

Details

Status published
Products (1)
wf-sections/wf-sections 1.07
Published Mar 08, 2005
Tracked Since Feb 18, 2026