CVE-2005-3918

OvBB 0.08a - SQL Injection via Thread ID or User ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-3918. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in OvBB 0.08a and prior versions, where the 'threadid' parameter in 'thread.php' is vulnerable. No actual exploit code is included, only a description and an example URL.

Description

Multiple SQL injection vulnerabilities in OvBB 0.08a allow remote attackers to execute arbitrary SQL commands via the (1) threadid parameter to thread.php and (2) userid parameter to profile.php. NOTE: the vendor disputes these issues, saying "these reports are completely unsubstantial.

Exploits (2)

exploitdb WRITEUP VERIFIED

by r0t3d3Vil · textwebappsphp

https://www.exploit-db.com/exploits/26589

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in OvBB 0.08a and prior versions, where the 'threadid' parameter in 'thread.php' is vulnerable. No actual exploit code is included, only a description and an example URL.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: OvBB <= 0.08a

No auth needed

Prerequisites: Access to the vulnerable OvBB instance

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by r0t3d3Vil · textwebappsphp

https://www.exploit-db.com/exploits/26590

View Code ZIP pw:eip

This is a vulnerability writeup describing SQL injection in OvBB 0.08a and prior versions. It provides a basic example URL but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: OvBB 0.08a and prior

No auth needed

Prerequisites: Access to the target application URL

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21307

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15566

Third Party Advisory x_refsource_misc

http://pridels0.blogspot.com/2005/11/ovbb-sql-vulnerabilities.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21308

Scores

EPSS 0.0117

EPSS Percentile 63.4%

Details

Status published

Products (8)

ovbb/ovbb 0.1a

ovbb/ovbb 0.2a

ovbb/ovbb 0.3a

ovbb/ovbb 0.4a

ovbb/ovbb 0.5a

ovbb/ovbb 0.6a

ovbb/ovbb 0.7a

ovbb/ovbb 0.8a

Published Nov 30, 2005

Tracked Since Feb 18, 2026