Exploitation Summary
EIP tracks 1 public exploit for CVE-2005-3988. PoCs published by r0t.
AI-analyzed exploit summary This is a blind SQL injection exploit for Lore CMS version 1.5.6. It automates the extraction of usernames and passwords from the database by leveraging a time-based blind SQLi vulnerability in the 'article.php' page.
Description
SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by r0t · phpwebappsphp
https://www.exploit-db.com/exploits/26688
This is a blind SQL injection exploit for Lore CMS version 1.5.6. It automates the extraction of usernames and passwords from the database by leveraging a time-based blind SQLi vulnerability in the 'article.php' page.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
Lore CMS 1.5.6
No auth needed
Prerequisites:
Target must have comments enabled on the vulnerable page · Target must be running Lore CMS version 1.5.6 or earlier
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17842
Third Party Advisory x_refsource_misc
http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21328
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15665
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2682
Scores
EPSS
0.0116
EPSS Percentile
63.1%
Details
Status
published
Products (1)
pineapple_technologies/lore
1.5.4
Published
Dec 04, 2005
Tracked Since
Feb 18, 2026