CVE-2005-3877

Simple Document Management System < 2.0-cvs - SQL Injection via folder_id or mid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3877. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in Simple Document Management System (SDMS) via the 'mid' parameter in messages.php. It lacks executable exploit code but details the vulnerable endpoint and parameter.

Description

Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by r0t · textwebappsphp
https://www.exploit-db.com/exploits/26632

The provided text describes a SQL injection vulnerability in Simple Document Management System (SDMS) via the 'mid' parameter in messages.php. It lacks executable exploit code but details the vulnerable endpoint and parameter.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Simple Document Management System (SDMS)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by r0t · textwebappsphp
https://www.exploit-db.com/exploits/26631

The provided text describes a SQL injection vulnerability in Simple Document Management System (SDMS) via the 'folder_id' parameter in 'list.php'. It lacks executable exploit code but details the vulnerability and potential impact.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Simple Document Management System (SDMS)
No auth needed
Prerequisites: Access to the vulnerable 'list.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21375
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17746
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21374
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15596
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2614

Scores

EPSS 0.0122
EPSS Percentile 64.5%

Details

CWE
CWE-89
Status published
Products (4)
cafuego/simple_document_management_system 1.1.4
cafuego/simple_document_management_system 1.1.5
cafuego/simple_document_management_system 1.1.6
cafuego/simple_document_management_system < 2.0-cvs
Published Nov 29, 2005
Tracked Since Feb 18, 2026