CVE-2005-3363

Saphplesson - SQL Injection

Title source: rule

Description

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

Exploits (2)

exploitdb WORKING POC VERIFIED

by SnIpEr_SA · perlwebappsphp

https://www.exploit-db.com/exploits/1530

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by almaster · textwebappsphp

https://www.exploit-db.com/exploits/26390

View Code ZIP pw:eip

References (13)

[Vendor Advisory] http://secunia.com/advisories/17308/

[Third Party Advisory] http://securityreason.com/securityalert/111

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/430906/30/5610/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/22861

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/15185

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/1530

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/440120/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/472799/100/0/threaded

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/27746

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20290

[Mailing List] http://marc.info/?l=bugtraq&m=113018965520240&w=2

[Third Party Advisory] http://www.attrition.org/pipermail/vim/2005-October/000313.html

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20289

Scores

EPSS 0.0899

EPSS Percentile 92.6%

Details

Status published

Products (2)

saphp/saphplesson 1.1

saphp/saphplesson 2.0

Published Oct 30, 2005

Tracked Since Feb 18, 2026