CVE-2005-1378

phpbb_personal_notes_module < 1.4.6 - SQL Injection via p Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1378. PoCs published by GulfTech Security.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in the notes module of phpBB. It leverages unsanitized input in the 'p' parameter to perform a UNION-based SQL injection, extracting usernames from the database.

Description

SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors.

Exploits (1)

exploitdb WORKING POC VERIFIED

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/25558

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in the notes module of phpBB. It leverages unsanitized input in the 'p' parameter to perform a UNION-based SQL injection, extracting usernames from the database.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: phpBB (notes module)

No auth needed

Prerequisites: Access to the vulnerable phpBB instance · Notes module enabled

MITRE ATT&CK