Exploitation Summary
EIP tracks 5 public exploits for CVE-2005-4380. PoCs published by r0t.
AI-analyzed exploit summary
The provided text describes a SQL injection vulnerability in bitweaver due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.
Description
Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php.
Exploits (5)
The provided text describes a SQL injection vulnerability in bitweaver due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.
The provided text describes a SQL injection vulnerability in bitweaver 1.1.1 beta and prior versions due to improper input sanitization. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.
The provided text describes a SQL injection vulnerability in bitweaver 1.1.1 beta and prior versions due to improper input sanitization. The example URL demonstrates a potential SQLi vector via the 'blog_id' parameter.
The provided text describes a SQL injection vulnerability in bitweaver 1.1.1 beta and prior versions due to improper input sanitization. The example URL demonstrates how an attacker could inject SQL commands via the 'sort_mode' parameter.
The provided text describes a SQL injection vulnerability in bitweaver due to improper input sanitization in the 'sort_mode' parameter. It lacks executable exploit code but references the vulnerability details and affected versions.