CVE-2005-4240

VCD-db <= 0.98 - SQL Injection via Search Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4240. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in VCD-db due to improper input sanitization in the 'by' parameter of search.php. It lacks executable exploit code but outlines the vulnerability's impact and attack vector.

Description

SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0t3d3Vil · textwebappsphp

https://www.exploit-db.com/exploits/26795

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in VCD-db due to improper input sanitization in the 'by' parameter of search.php. It lacks executable exploit code but outlines the vulnerability's impact and attack vector.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: VCD-db (version unspecified)

No auth needed

Prerequisites: Access to the search.php endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15840

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21699

Third Party Advisory x_refsource_misc

http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html

Scores

EPSS 0.0115

EPSS Percentile 62.6%

Details

Status published

Products (6)

vcd-db/vcd-db 0.97

vcd-db/vcd-db 0.98

vcd-db/vcd-db 0.961

vcd-db/vcd-db 0.971

vcd-db/vcd-db 0.972

vcd-db/vcd-db 0.973

Published Dec 14, 2005

Tracked Since Feb 18, 2026