CVE-2005-4240

Vcd-db - SQL Injection

Title source: rule

Description

SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0t3d3Vil · textwebappsphp

https://www.exploit-db.com/exploits/26795

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html

[Exploit] http://www.securityfocus.com/bid/15840

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21699

Scores

EPSS 0.0033

EPSS Percentile 55.4%

Classification

Status draft

Affected Products (6)

vcd-db/vcd-db

vcd-db/vcd-db

vcd-db/vcd-db

vcd-db/vcd-db

vcd-db/vcd-db

vcd-db/vcd-db

Timeline

Published Dec 14, 2005

Tracked Since Feb 18, 2026