CVE-2005-3363

Saphp Lesson - SQL Injection via ForumID Parameter

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3363. PoCs published by SnIpEr_SA, almaster.

AI-analyzed exploit summary: This exploit leverages a SQL injection vulnerability in SaphpLesson 2.0 to extract administrator usernames and password hashes from the 'modretor' table via crafted UNION-based queries.

Description

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by SnIpEr_SA · perl · webapps · php
https://www.exploit-db.com/exploits/1530

This exploit leverages a SQL injection vulnerability in SaphpLesson 2.0 to extract administrator usernames and password hashes from the 'modretor' table via crafted UNION-based queries.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: SaphpLesson 2.0
No auth needed
Prerequisites: Target must be running SaphpLesson 2.0 with vulnerable 'showcat.php' endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by almaster · text · webapps · php
https://www.exploit-db.com/exploits/26390

The provided text describes a SQL injection vulnerability in saphp Lesson, where the 'forumid' parameter in 'add.php' is not properly sanitized. The example URL demonstrates a basic SQL injection attempt but lacks executable exploit code.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: saphp Lesson (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (13)

Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17308/
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/111
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/430906/30/5610/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/22861
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15185
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/1530
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/440120/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/472799/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27746
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20290
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113018965520240&w=2
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2005-October/000313.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20289

Scores

EPSS 0.0348
EPSS Percentile 87.6%

Details

Status published
Products (2)
saphp/saphplesson 1.1
saphp/saphplesson 2.0
Published Oct 30, 2005
Tracked Since Feb 18, 2026