CVE-2005-4619

phpoutsourcing Zorum Forum <3.5 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.

Exploits (1)

exploitdb WORKING POC

perlwebappsphp

https://www.exploit-db.com/exploits/1509

View Code ZIP pw:eip

References (3)

[Third Party Advisory] http://pridels0.blogspot.com/2005/11/zorum-forum-35-rollid-sql-inj-vuln.html

[Exploit] http://www.osvdb.org/21372

[Exploit] http://www.securityfocus.com/bid/16131

Scores

EPSS 0.0033

EPSS Percentile 55.8%

Details

Status published

Products (6)

phpoutsourcing/zorum 3.0

phpoutsourcing/zorum 3.1

phpoutsourcing/zorum 3.2

phpoutsourcing/zorum 3.3

phpoutsourcing/zorum 3.4

phpoutsourcing/zorum 3.5

Published Dec 31, 2005

Tracked Since Feb 18, 2026