CVE-2005-4005
PHP-Fusion 6.00.109 - SQL Injection via messages.php srch_text Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2005-4005. PoCs published by Nolan West.
AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in PHP-Fusion, detailing the lack of input sanitization in the messages.php file. It includes a sample URL demonstrating the vulnerable parameters but does not contain executable exploit code.
Description
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
Exploits (1)
The provided text describes an SQL injection vulnerability in PHP-Fusion, detailing the lack of input sanitization in the messages.php file. It includes a sample URL demonstrating the vulnerable parameters but does not contain executable exploit code.