CVE-2005-4416

TML CMS 0.5 - SQL Injection via Index.php ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4416. PoCs published by X1ngBox.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in TML CMS 0.5, where the 'id' parameter in the 'unote' document is susceptible to SQL injection. No actual exploit code is included, only a description and an example URL.

Description

SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by X1ngBox · textwebappsphp

https://www.exploit-db.com/exploits/26840

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in TML CMS 0.5, where the 'id' parameter in the 'unote' document is susceptible to SQL injection. No actual exploit code is included, only a description and an example URL.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: TML CMS 0.5

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit x_refsource_misc

http://packetstormsecurity.org/0512-exploits/ztml.txt

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/22075

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/21802

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15876

Scores

EPSS 0.0118

EPSS Percentile 63.8%

Details

Status published

Products (1)

tml/tml 0.5

Published Dec 20, 2005

Tracked Since Feb 18, 2026