CVE-2005-4517

PHP-Fusion <6.00.300 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4517. PoCs published by krasza.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in PHP-Fusion 6.00.3 by authenticating as a user and injecting arbitrary SQL via the 'rating' parameter in a POST request. It uses LWP::UserAgent for HTTP interactions and requires valid credentials.

Description

SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by krasza · perlwebappsphp

https://www.exploit-db.com/exploits/1385

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in PHP-Fusion 6.00.3 by authenticating as a user and injecting arbitrary SQL via the 'rating' parameter in a POST request. It uses LWP::UserAgent for HTTP interactions and requires valid credentials.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHP-Fusion 6.00.3

Auth required

Prerequisites: Valid user credentials · Target URL with PHP-Fusion installation

MITRE ATT&CK