CVE-2005-3159

PHP-Fusion - SQL Injection via msg_view Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3159. PoCs published by almaster.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in PHP-Fusion's 'messages.php' script due to improper input sanitization. The example URL demonstrates a basic SQLi payload but lacks executable exploit code.

Description

SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.

Exploits (1)

exploitdb WRITEUP VERIFIED
by almaster · textwebappsphp
https://www.exploit-db.com/exploits/26102

The provided text describes an SQL injection vulnerability in PHP-Fusion's 'messages.php' script due to improper input sanitization. The example URL demonstrates a basic SQLi payload but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: PHP-Fusion (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable 'messages.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/14489
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/18708
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112811077320676&w=2
Vendor Advisory, URL Repurposed x_refsource_misc
http://www.s4a.cc/forum/archive/index.php/t-3585.html

Scores

EPSS 0.0116
EPSS Percentile 63.1%

Details

Status published
Published Oct 06, 2005
Tracked Since Feb 18, 2026