CVE-2005-4001

phpYellowTM Pro and Lite Edition 5.33 - SQL Injection via Haystack or Ckey Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4001. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in phpYellowTM due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php.

Exploits (2)

exploitdb WRITEUP VERIFIED

by r0t3d3Vil · textwebappsphp

https://www.exploit-db.com/exploits/26713

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in phpYellowTM due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: phpYellowTM (version not specified)

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →