CVE-2005-4226

phpWebThings < 1.4 - SQL Injection

Title source: rule

Description

Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and (7) the sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/1324

exploitdb · WORKING POC
perl · webapps · php
https://www.exploit-db.com/exploits/1325

Scores

EPSS 0.0228
EPSS Percentile 84.7%

Details

Status published
Products (1)
phpwebthings/phpwebthings < 1.4
Published Dec 14, 2005
Tracked Since Feb 18, 2026