CVE-2005-3681

XOOPS WF-Downloads 2.05 - SQL Injection via viewcat.php list Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3681. PoCs published by rgod.

AI-analyzed exploit summary This PHP script exploits CVE-2005-3681, a SQL injection vulnerability in XOOPS WF_Downloads module v2.05, allowing admin credential disclosure and remote command execution. It provides a web interface to input target details and execute the exploit.

Description

SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/1315

This PHP script exploits CVE-2005-3681, a SQL injection vulnerability in XOOPS WF_Downloads module v2.05, allowing admin credential disclosure and remote command execution. It provides a web interface to input target details and execute the exploit.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: XOOPS WF_Downloads module v2.05
No auth needed
Prerequisites: Target must be running XOOPS WF_Downloads module v2.05 · PHP environment with socket support
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17575
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15406/
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2425
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/20852
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=113199244824660&w=2

Scores

EPSS 0.0116
EPSS Percentile 62.9%

Details

Status published
Products (1)
xoops/wf-downloads 2.05
Published Nov 18, 2005
Tracked Since Feb 18, 2026