CVE-2005-3509

JPortal Web Portal - SQL Injection via Banner.php or ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3509. PoCs published by Mousehack.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in JPortal via the 'id' parameter in news.php. The payload uses a UNION-based attack to extract data from the 'admins' table, indicating improper input sanitization.

Description

Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Mousehack · text · webapps · php
https://www.exploit-db.com/exploits/26470

This exploit demonstrates a SQL injection vulnerability in JPortal via the 'id' parameter in news.php. The payload uses a UNION-based attack to extract data from the 'admins' table, indicating improper input sanitization.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: JPortal (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable JPortal news.php endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by Mousehack · text · webapps · php
https://www.exploit-db.com/exploits/26469

This exploit demonstrates SQL injection in JPortal by manipulating the 'id' parameter in comment.php to extract admin credentials (nick and MD5 password) via UNION-based SQLi. It requires no authentication and is straightforward to execute.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: JPortal (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable JPortal instance
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Various Sources x_refsource_misc
http://foro.elhacker.net/index.php?topic=93436.0
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15324
Exploit, Vendor Advisory x_refsource_misc
http://www.security.nnov.ru/Kdocument105.html
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2310

Scores

EPSS 0.0117
EPSS Percentile 63.5%

Details

Status published
Products (2)
jportal/jportal_web_portal 2.2.1
jportal/jportal_web_portal 2.3.1
Published Nov 06, 2005
Tracked Since Feb 18, 2026