CVE-2005-2896

WEB//NEWS 1.4 - SQL Injection via wn_userpw Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-2896. PoCs published by onkel_fisch.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in WEB//NEWS, specifically in the 'modules/startup.php' file. It includes an example payload to bypass authentication by exploiting improper input sanitization.

Description

SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by onkel_fisch · textwebappsphp
https://www.exploit-db.com/exploits/26234

The provided text describes a SQL injection vulnerability in WEB//NEWS, specifically in the 'modules/startup.php' file. It includes an example payload to bypass authentication by exploiting improper input sanitization.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WEB//NEWS
No auth needed
Prerequisites: Access to the vulnerable WEB//NEWS application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by onkel_fisch · textwebappsphp
https://www.exploit-db.com/exploits/26236

The provided text describes a SQL injection vulnerability in WEB//NEWS, where the 'id' parameter in 'print.php' is not properly sanitized. It includes a basic example URL for exploitation but lacks actual exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: WEB//NEWS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable 'print.php' endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by onkel_fisch · textwebappsphp
https://www.exploit-db.com/exploits/26235

The provided text describes SQL injection vulnerabilities in WEB//NEWS, detailing vulnerable parameters in the 'news.php' script. It does not include actual exploit code but outlines the attack vectors.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: WEB//NEWS (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112611504519410&w=2
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16727/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22179
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14776

Scores

EPSS 0.0117
EPSS Percentile 63.6%

Details

Status published
Products (1)
stylemotion/web_news 1.4
Published Sep 14, 2005
Tracked Since Feb 18, 2026