CVE-2005-4619

phpoutsourcing Zorum Forum <3.5 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4619.

AI-analyzed exploit summary: This Perl script exploits a SQL injection vulnerability in Zorum forum version 3.5 by brute-forcing user passwords via a time-based blind SQLi attack. It targets the 'showhtmllist' method to extract password hashes character by character.

Description

SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.

Exploits (1)

exploitdb WORKING POC
perl · webapps · php
https://www.exploit-db.com/exploits/1509


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Zorum forum version 3.5
No auth needed
Prerequisites: Target must be running Zorum forum version 3.5 · Knowledge of a valid forum number (rollid) and username
devstral-2 · analyzed Feb 19, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21372
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16131

Scores

EPSS 0.0112
EPSS Percentile 62.0%

Details

Status published
Products (6)
phpoutsourcing/zorum 3.0
phpoutsourcing/zorum 3.1
phpoutsourcing/zorum 3.2
phpoutsourcing/zorum 3.3
phpoutsourcing/zorum 3.4
phpoutsourcing/zorum 3.5
Published Dec 31, 2005
Tracked Since Feb 18, 2026