CVE-2005-3938

EPSS 3.7%

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php.

Affected products

n/a · n/a

public PoCs found — 5

exploitdbwww.exploit-db.com/exploits/26677unverified exploitdbwww.exploit-db.com/exploits/26674unverified exploitdbwww.exploit-db.com/exploits/26673unverified exploitdbwww.exploit-db.com/exploits/26676unverified exploitdbwww.exploit-db.com/exploits/26675unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://pridels0.blogspot.com/2005/11/softbiz-faq-script-multiple-sql-vuln.html http://secunia.com/advisories/17809 http://www.osvdb.org/21257 http://www.osvdb.org/21258 http://www.osvdb.org/21259 http://www.osvdb.org/21260 http://www.osvdb.org/21261 http://www.securityfocus.com/bid/15653