CVE-2005-4478

Papoo <2.1.2 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) menuid parameter to (a) index.php and (b) guestbook.php, and the (2) forumid and (3) reporeid_print parameters to (c) print.php.

Exploits (3)

exploitdb WRITEUP VERIFIED
by r0t3d3Vil · textwebappsphp
https://www.exploit-db.com/exploits/26959
exploitdb WRITEUP VERIFIED
by r0t3d3Vil · textwebappsphp
https://www.exploit-db.com/exploits/26960
exploitdb WRITEUP VERIFIED
by r0t3d3Vil · textwebappsphp
https://www.exploit-db.com/exploits/26961

References (7)

Scores

EPSS 0.0071
EPSS Percentile 71.8%

Classification

CWE
CWE-89
Status draft

Affected Products (1)

papoo/papoo < 2.1.2

Timeline

Published Dec 22, 2005
Tracked Since Feb 18, 2026