CVE-2005-3884

Zainu - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26604

View Code ZIP pw:eip

References (6)

[Third Party Advisory] http://pridels0.blogspot.com/2005/11/zainu-2x-sql-inj-vuln.html

[Exploit] http://www.securityfocus.com/bid/15579

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23274

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21197

[Third Party Advisory] http://secunia.com/advisories/17766

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2603

Scores

EPSS 0.0051

EPSS Percentile 66.0%

Classification

Status draft

Affected Products (1)

zainu/zainu

Timeline

Published Nov 29, 2005

Tracked Since Feb 18, 2026