CVE-2005-4500

MusicBox 2.3 - SQL Injection via Show or Type Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-4500. PoCs published by Linux_Drox, Medo HaCKer.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in MusicBox, with example URLs demonstrating the injection points. No actual exploit code is present, only a vulnerability description.

Description

SQL injection vulnerability in MusicBox 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) show and (2) type parameter. NOTE: the provenance of this information is unknown, although it was later rediscovered.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Linux_Drox · textwebappsphp
https://www.exploit-db.com/exploits/27445

The provided text describes SQL injection and XSS vulnerabilities in MusicBox, with example URLs demonstrating the injection points. No actual exploit code is present, only a vulnerability description.

Classification
Writeup 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: MusicBox (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable MusicBox web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Medo HaCKer · textwebappsphp
https://www.exploit-db.com/exploits/26965

The provided text describes an SQL injection vulnerability in MusicBox version 2.3, where the 'type' parameter in the URL is vulnerable to SQLi. No actual exploit code is included, only a description and example URL.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: MusicBox version 2.3
No auth needed
Prerequisites: Access to the vulnerable MusicBox application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/22272
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16030
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0124
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-03/0515.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/24055
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18369

Scores

EPSS 0.0126
EPSS Percentile 65.8%

Details

CWE
CWE-89
Status published
Products (1)
musicbox/musicbox 2.3
Published Dec 22, 2005
Tracked Since Feb 18, 2026