CVE-2005-4430

LogicBill <= 1.0 - SQL Injection via helpdesk.php mode and id Parameters

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4430. PoCs published by r0t3d3Vil.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in LogicBill, specifically in the helpdesk.php file via the __mode and __id parameters. It outlines the vulnerability but does not include actual exploit code or a proof-of-concept.

Description

SQL injection vulnerability in LogicBill 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) __mode and (2) __id parameters to helpdesk.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0t3d3Vil · textwebappsphp

https://www.exploit-db.com/exploits/27028

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in LogicBill, specifically in the helpdesk.php file via the __mode and __id parameters. It outlines the vulnerability but does not include actual exploit code or a proof-of-concept.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: LogicBill (version not specified)

No auth needed

Prerequisites: Access to the vulnerable helpdesk.php endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/16132

Exploit vdb-entry x_refsource_osvdb

http://www.osvdb.org/21368

Third Party Advisory x_refsource_misc

http://pridels0.blogspot.com/2005/11/logicbill-10-sql-inj.html

Scores

EPSS 0.0115

EPSS Percentile 62.7%

Details

Status published

Published Dec 21, 2005

Tracked Since Feb 18, 2026