CVE-2005-3940

Orca Ringmaker < 2.3c - SQL Injection via Start Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3940. PoCs published by r0t.

AI-analyzed exploit summary: The provided text describes an SQL injection vulnerability in Orca Ringmaker version 2.3c, where user-supplied input is not properly sanitized before being used in SQL queries. Exploitation could lead to data disclosure, modification, or further attacks on the underlying database.

Description

SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/26658

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Orca Ringmaker 2.3c
No auth needed
Prerequisites: Access to the vulnerable application endpoint
devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15639
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17803
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21194
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2651
Patch x_refsource_confirm
http://www.greywyvern.com/orca#ring

Scores

EPSS 0.0135
EPSS Percentile 67.9%

Details

Status published
Products (1)
greywyvern/orca_ringmaker < 2.3c
Published Dec 01, 2005
Tracked Since Feb 18, 2026