CVE-2005-3939

WSN Knowledge Base < 1.2.0 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2005-3939. PoCs published by r0t.

AI-analyzed exploit summary: The provided text describes a SQL injection vulnerability in WSN Knowledge Base versions 1.2.0 and prior. It outlines the vulnerability's cause and potential impact but does not include actual exploit code.

Description

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks parameters in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26681

The provided text describes a SQL injection vulnerability in WSN Knowledge Base versions 1.2.0 and prior. It outlines the vulnerability's cause and potential impact but does not include actual exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: WSN Knowledge Base <= 1.2.0
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26679

The provided text describes SQL injection vulnerabilities in WSN Knowledge Base versions 1.2.0 and prior. It includes example URLs demonstrating how unsanitized input in parameters like 'catid', 'perpage', and 'orderlinks' can be exploited.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: WSN Knowledge Base <= 1.2.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26680

The provided text describes a SQL injection vulnerability in WSN Knowledge Base versions 1.2.0 and prior. It outlines the lack of input sanitization and potential impacts but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: WSN Knowledge Base <= 1.2.0
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21262
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15656
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17810
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21263
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21264

Scores

EPSS 0.0129
EPSS Percentile 66.4%

Details

Status published
Products (1)
wsn_knowledge_base/wsn_knowledge_base < 1.2.0
Published Dec 01, 2005
Tracked Since Feb 18, 2026