CVE-2005-4554

DEV web management system <1.5 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.

Exploits (3)

exploitdb WORKING POC VERIFIED

by [email protected] · textwebappsphp

https://www.exploit-db.com/exploits/26976

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by [email protected] · textwebappsphp

https://www.exploit-db.com/exploits/26977

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/1387

View Code ZIP pw:eip

References (9)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23898

[Third Party Advisory, VDB Entry] http://www.osvdb.org/22041

[Third Party Advisory, VDB Entry] http://www.osvdb.org/22042

[Exploit] http://rgod.altervista.org/dev_15_sql_xpl.html

[Exploit] http://www.securityfocus.com/bid/16063

[Exploit, Vendor Advisory] http://secunia.com/advisories/18239

[Exploit] http://securitytracker.com/id?1015410

[Third Party Advisory, VDB Entry] http://www.osvdb.org/22040

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/420253/100/0/threaded

Scores

EPSS 0.0175

EPSS Percentile 82.6%

Details

Status published

Products (1)

dev/dev_web_management_system 1.5

Published Dec 28, 2005

Tracked Since Feb 18, 2026