CVE-2005-4195

Scout Portal Toolkit <= 1.3.1 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4195. PoCs published by JosS, Preddy.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Scout Portal Toolkit <= 1.4.0 by injecting a malicious SQL query into the ParentId parameter to extract user credentials from the APUsers table.

Description

Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.

Exploits (2)

exploitdb WORKING POC VERIFIED

by JosS · perlwebappsphp

https://www.exploit-db.com/exploits/5540

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Scout Portal Toolkit <= 1.4.0 by injecting a malicious SQL query into the ParentId parameter to extract user credentials from the APUsers table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Scout Portal Toolkit <= 1.4.0

No auth needed

Prerequisites: Target URL with vulnerable SPT--BrowseResources.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Preddy · textwebappsphp

https://www.exploit-db.com/exploits/26783

View Code ZIP pw:eip

The provided text describes an input-validation vulnerability in Scout Portal Toolkit, specifically in the user login page. It suggests that injecting a single quote into the username and password fields could exploit the vulnerability, but no actual exploit code is provided.

Classification

Writeup 80%