CVE-2005-3423

Subdreamer - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by RusH · perlwebappsphp

https://www.exploit-db.com/exploits/1278

View Code ZIP pw:eip

References (9)

[Vendor Advisory] http://rst.void.ru/papers/advisory35.txt

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20379

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20380

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20382

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20378

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20381

[Vendor Advisory] http://secunia.com/advisories/17378

[Exploit] http://www.securityfocus.com/bid/15238

[Third Party Advisory, VDB Entry] http://www.osvdb.org/20384

Scores

EPSS 0.0172

EPSS Percentile 82.5%

Details

Status published

Products (1)

subdreamer/subdreamer 2.2.1

Published Nov 01, 2005

Tracked Since Feb 18, 2026