CVE-2005-4702

IPBProArcade 2.5.2 - SQL Injection via GameID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4702. PoCs published by almaster.

AI-analyzed exploit summary The provided text describes a remote SQL injection vulnerability in ipbProArcade, specifically targeting the 'gameid' parameter. It outlines how an attacker can manipulate SQL queries to disclose or corrupt sensitive database information.

Description

SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.

Exploits (1)

exploitdb WRITEUP VERIFIED

by almaster · textwebappsphp

https://www.exploit-db.com/exploits/26397

View Code ZIP pw:eip

The provided text describes a remote SQL injection vulnerability in ipbProArcade, specifically targeting the 'gameid' parameter. It outlines how an attacker can manipulate SQL queries to disclose or corrupt sensitive database information.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: ipbProArcade (version not specified)

No auth needed

Prerequisites: Access to the vulnerable endpoint

MITRE ATT&CK

T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/15205

Scores

EPSS 0.0100

EPSS Percentile 58.4%

Details

Status published

Products (1)

ipbproarcade/ipbproarcade 2.5.2

Published Dec 31, 2005

Tracked Since Feb 18, 2026