CVE-2005-1051

PunBB 1.2.4 - Authenticated SQL Injection via Profile ID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1051. PoCs published by Stefan Esser.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in PunBB 1.2.4's change_email functionality. It authenticates as a user, retrieves a session cookie, and crafts a malicious email parameter to escalate privileges to admin (group_id=1).

Description

SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Stefan Esser · pythonwebappsphp
https://www.exploit-db.com/exploits/928

This exploit targets a SQL injection vulnerability in PunBB 1.2.4's change_email functionality. It authenticates as a user, retrieves a session cookie, and crafts a malicious email parameter to escalate privileges to admin (group_id=1).

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: PunBB 1.2.4
Auth required
Prerequisites: Valid user credentials · Catch-all email domain · Target forum URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14882
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111306207306155&w=2
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13071

Scores

EPSS 0.0207
EPSS Percentile 78.9%

Details

Status published
Products (18)
punbb/punbb 1.0
punbb/punbb 1.0.1
punbb/punbb 1.0_alpha
punbb/punbb 1.0_beta1
punbb/punbb 1.0_beta2
punbb/punbb 1.0_beta3
punbb/punbb 1.0_rc1
punbb/punbb 1.0_rc2
punbb/punbb 1.1
punbb/punbb 1.1.1
... and 8 more
Published May 02, 2005
Tracked Since Feb 18, 2026