CVE-2005-4792

phpWebSite < 0.10.1 - SQL Injection via Module Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-4792.

AI-analyzed exploit summary: This Perl script exploits a SQL injection vulnerability in phpWebSite by injecting a UNION-based query to extract user credentials (username and password hash) from the database. It targets the 'module' parameter in index.php and retrieves the hash for a specified username.

Description

SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WORKING POC
perl · webapps · php
https://www.exploit-db.com/exploits/1217

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: phpWebSite 0.10.0
No auth needed
Prerequisites: Target URL with vulnerable phpWebSite installation · Valid username registered in the system
devstral-2 · analyzed Feb 19, 2026

References (1)

Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15088

Scores

EPSS 0.0029
EPSS Percentile 52.9%

Details

Status published
Products (13)
phpwebsite/phpwebsite 0.7.3
phpwebsite/phpwebsite 0.8.2
phpwebsite/phpwebsite 0.8.3
phpwebsite/phpwebsite 0.9.0
phpwebsite/phpwebsite 0.9.1
phpwebsite/phpwebsite 0.9.2
phpwebsite/phpwebsite 0.9.3
phpwebsite/phpwebsite 0.9.3.1
phpwebsite/phpwebsite 0.9.3.2
phpwebsite/phpwebsite 0.9.3.3
... and 3 more
Published Dec 31, 2005
Tracked Since Feb 18, 2026