CVE-2005-2637
PHPFreeNews < 1.40 - SQL Injection via Match, CatID, or Password Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-2637. PoCs published by h4cky.
AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in PHPFreeNews due to unsanitized user input in the SearchResults.php file. It includes example URLs demonstrating the injection points but lacks executable exploit code.
Description
Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.