CVE-2005-3575

Cyphor < 0.19 - SQL Injection via show.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3575. PoCs published by HACKERS PAL, rgod.

AI-analyzed exploit summary: This exploit leverages a SQL injection vulnerability in Cyphor Forum to dump user credentials (username and password hash) by manipulating the 'id' parameter in the 'show.php' script. It uses a UNION-based SQLi to extract data from the 'users' table.

Description

SQL injection vulnerability in show.php in Cyphor 0.19 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by HACKERS PAL · perl · webapps · php
https://www.exploit-db.com/exploits/1321

This exploit leverages a SQL injection vulnerability in Cyphor Forum to dump user credentials (username and password hash) by manipulating the 'id' parameter in the 'show.php' script. It uses a UNION-based SQLi to extract data from the 'users' table.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Cyphor Forum (version unspecified)
No auth needed
Prerequisites: Target URL with vulnerable Cyphor Forum installation · Perl with LWP::Simple module
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC · VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1241

This exploit targets a SQL injection vulnerability in Cyphor 0.19, allowing an attacker to retrieve the table prefix and send a new password to an arbitrary email address. The exploit constructs malicious SQL queries to manipulate the password reset functionality.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Cyphor 0.19 (and possibly prior versions)
No auth needed
Prerequisites: PHP with allow_call_time_pass_reference and register_globals enabled · Magic quotes disabled · Target application accessible
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/416562
Various Sources x_refsource_misc
http://www.securiteam.com/unixfocus/6P00F1FEKC.html
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/180
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2420
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20983
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15418

Scores

EPSS: 0.0129
EPSS Percentile: 66.3%

Details

Status: published
Products (1)
cynox/cyphor < 0.19
Published: Nov 16, 2005
Tracked Since: Feb 18, 2026