CVE-2005-1615

Ultimate PHP Board 1.8-1.9.6 - SQL Injection via postorder Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-1615. PoCs published by Morinex Eneco.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Ultimate PHP Board, with a URL-encoded payload example. It lacks executable exploit code but includes a proof-of-concept URL demonstrating the vulnerability.

Description

viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow remote attackers to read sensitive data via the postorder parameter, which is not properly handled by textdb.inc.php, possibly due to a SQL injection vulnerability.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Morinex Eneco · textwebappsphp

https://www.exploit-db.com/exploits/25655

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in Ultimate PHP Board, with a URL-encoded payload example. It lacks executable exploit code but includes a proof-of-concept URL demonstrating the vulnerability.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Ultimate PHP Board

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/13622

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=111600262424876&w=2

Scores

EPSS 0.0206

EPSS Percentile 78.9%

Details

Status published

Products (4)

ultimate_php_board/ultimate_php_board 1.8

ultimate_php_board/ultimate_php_board 1.8.2

ultimate_php_board/ultimate_php_board 1.9

ultimate_php_board/ultimate_php_board 1.9.6

Published May 16, 2005

Tracked Since Feb 18, 2026