CVE-2005-2989

DeluxeBB 1.0 and 1.0.5 - SQL Injection via tid, uid, or fid Parameter

Title source: llm

Exploitation Summary

EIP tracks 5 public exploits for CVE-2005-2989. PoCs published by abducter.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in DeluxeBB due to improper sanitization of user input in the 'tid' parameter. It references a security advisory but does not include actual exploit code or a proof-of-concept.

Description

Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter to topic.php, the uid parameter to (2) misc.php or (3) pm.php, or the fid parameter to (4) forums.php or (5) newpost.php.

Exploits (5)

exploitdb WRITEUP VERIFIED
by abducter · text · webapps · php
https://www.exploit-db.com/exploits/26264

The provided text describes a SQL injection vulnerability in DeluxeBB due to improper sanitization of user input in the 'tid' parameter. It references a security advisory but does not include actual exploit code or a proof-of-concept.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DeluxeBB (version not specified)
No auth needed
Prerequisites: Access to the vulnerable DeluxeBB instance · Ability to send crafted HTTP requests
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by abducter · text · webapps · php
https://www.exploit-db.com/exploits/26267

The provided text describes a SQL injection vulnerability in DeluxeBB, where the 'uid' parameter in the 'pm.php' script is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to unauthorized data access or modification.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DeluxeBB (version not specified)
No auth needed
Prerequisites: Access to the vulnerable DeluxeBB instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by abducter · text · webapps · php
https://www.exploit-db.com/exploits/26268

The provided text describes a SQL injection vulnerability in DeluxeBB, where the 'fid' parameter in 'newpost.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to data disclosure or modification.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DeluxeBB (version not specified)
No auth needed
Prerequisites: Access to the vulnerable DeluxeBB instance
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by abducter · text · webapps · php
https://www.exploit-db.com/exploits/26265

The provided text describes a SQL injection vulnerability in DeluxeBB due to improper input sanitization. It references a specific URL parameter (`uid`) that can be exploited to manipulate SQL queries.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DeluxeBB (version unspecified)
No auth needed
Prerequisites: Access to the target application's `misc.php` endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by abducter · text · webapps · php
https://www.exploit-db.com/exploits/26266

The provided text describes SQL injection vulnerabilities in DeluxeBB due to insufficient input sanitization. It references a generic example URL but lacks actual exploit code or technical details for execution.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: DeluxeBB (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable DeluxeBB instance · Knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/1752
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/16819
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14851

Scores

EPSS 0.0123
EPSS Percentile 64.9%

Details

Status published
Products (2)
deluxebb/deluxebb 1.0
deluxebb/deluxebb 1.05
Published Sep 20, 2005
Tracked Since Feb 18, 2026