CVE-2005-4071

CFMagic Magic Forum Personal < 2.5 - SQL Injection via ForumID or ThreadID Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4071. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in CFMagic Products due to insufficient input sanitization. It includes example URLs demonstrating potential SQL injection points but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal 2.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ForumID parameter in view_forum.cfm, and (2) ForumID, (3) Thread, and (4) ThreadID parameters in view_thread.cfm.

Exploits (2)

exploitdb WRITEUP VERIFIED

by r0t · textwebappscfm

https://www.exploit-db.com/exploits/26765

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in CFMagic Products due to insufficient input sanitization. It includes example URLs demonstrating potential SQL injection points but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Magic Book Professional <= 2.0, Magic List Professional <= 2.5, Magic Forum Personal <= 2.5

No auth needed

Prerequisites: Access to vulnerable application endpoints

MITRE ATT&CK

T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →