CVE-2005-3939

Wsn Knowledge Base < 1.2.0 - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.

Exploits (3)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26681

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26679

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/26680

View Code ZIP pw:eip

References (6)

Core 6

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21262

Third Party Advisory x_refsource_misc

http://pridels0.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15656

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/17810

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21263

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21264

Scores

EPSS 0.0054

EPSS Percentile 67.8%

Details

Status published

Products (1)

wsn_knowledge_base/wsn_knowledge_base < 1.2.0

Published Dec 01, 2005

Tracked Since Feb 18, 2026