CVE-2005-1637

NPDS 4.8 and 5.0 - SQL Injection via thold Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1637. PoCs published by NoSP.

AI-analyzed exploit summary: This exploit demonstrates an SQL injection vulnerability in NPDS via the 'thold' parameter in pollcomments.php. It allows an attacker to extract sensitive data such as usernames and passwords from the 'authors' or 'u' tables.

Description

Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow remote attackers to execute arbitrary SQL commands via the thold parameter to (1) comments.php or (2) pollcomments.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by NoSP · text · webapps · php
https://www.exploit-db.com/exploits/25672

This exploit demonstrates an SQL injection vulnerability in NPDS via the 'thold' parameter in pollcomments.php. It allows an attacker to extract sensitive data such as usernames and passwords from the 'authors' or 'u' tables.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: NPDS (all versions)
No auth needed
Prerequisites: access to the pollcomments.php endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by NoSP · text · webapps · php
https://www.exploit-db.com/exploits/25671

This exploit demonstrates an SQL injection vulnerability in NPDS via the 'thold' parameter in comments.php. It allows an attacker to extract sensitive data such as usernames and passwords from the database.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: NPDS (all versions)
No auth needed
Prerequisites: Access to the target URL
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Patch (x_refsource_confirm): http://www.npds.org/article.php?sid=1258
Exploit, Patch (vdb-entry, x_refsource_sectrack): http://securitytracker.com/id?1013973

Scores

EPSS 0.0113
EPSS Percentile 62.1%

Details

Status published
Products (2)
npds/npds 4.8
npds/npds 5.0
Published May 17, 2005
Tracked Since Feb 18, 2026