CVE-2005-4781

SergiDs Top Music module <3.0 PR3 - SQL Injection

Title source: llm
STIX 2.1

Description

Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php.

Exploits (1)

exploitdb WRITEUP VERIFIED
by r0t · textwebappsphp
https://www.exploit-db.com/exploits/26607

References (4)

Core 4
Core References
Third Party Advisory x_refsource_misc
http://pridels0.blogspot.com/2005_11_27_pridels_archive.html
Various Sources x_refsource_misc
http://www.sergids.com/topmusic-changelog.html
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15581
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/21397

Scores

EPSS 0.0034
EPSS Percentile 56.8%

Details

Status published
Products (1)
sergids/top_music_module 3.0_pr3
Published Dec 31, 2005
Tracked Since Feb 18, 2026