CVE-2005-1026
published 2005-05-02
Priority P338 · high · 7.5 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.44% (82.2th percentile)
Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro).
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| dlman_pro | dlman_pro | — | — |
| linkz_pro | linkz_pro | — | — |
No detection rules found.
Exploit-DB
phpBB 2.0.13 Linkz Pro Module - SQL Injection
exploitdb·2005-04-06
---
source: https://www.securityfocus.com/bid/13030/info
The Linkz Pro mod for phpBB is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/[phpBB]/links.php?func=show&id='[SQL Injection]
Exploit-DB
phpBB 2.0.13 DLMan Pro Module - SQL Injection
exploitdb·2005-04-06
---
source: https://www.securityfocus.com/bid/13028/info
The DLMan Pro mod for phpBB is reportedly affected by an SQL Injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
http://www.example.com/[phpBB]/dlman.php?func=file_info&file_id='[SQL Injection]
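A log check for the two request patterns above, as an added example that is not part of the original advisories: it flags requests to links.php or dlman.php whose id or file_id value is not a plain integer. The integer-only expectation, the combined access-log format and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> parameter named in CVE-2005-1026.
WATCHED = {"links.php": "id", "dlman.php": "file_id"}
# Assumption: legitimate values are plain decimal integers (e.g. file_id=77).
NUMERIC = re.compile(r"[0-9]+")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_value(target):
    """Return (script, param, value) if the request target carries a
    non-integer value in a watched parameter, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    param = WATCHED.get(script)
    if param is None:
        return None
    # keep_blank_values so "id=" is inspected; parse_qs also percent-decodes.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if not NUMERIC.fullmatch(value):
            return (script, param, value)
    return None

def scan(lines):
    """Yield (line_number, script, param, value) for each flagged log line."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hit = suspicious_value(m.group(1)) if m else None
        if hit:
            yield (n, *hit)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2005:10:00:01 +0000] "GET /forum/dlman.php?func=file_info&file_id=77 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [06/Apr/2005:10:00:09 +0000] "GET /forum/links.php?func=show&id=%27 HTTP/1.1" 200 812',
    '192.0.2.44 - - [06/Apr/2005:10:00:12 +0000] "GET /forum/dlman.php?func=file_info&file_id=\' HTTP/1.1" 200 790',
    '192.0.2.10 - - [06/Apr/2005:10:00:20 +0000] "GET /forum/viewtopic.php?t=12&id=abc HTTP/1.1" 200 9034',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

The same integer-only rule applies at the input boundary of the two scripts: a value that fails it should never reach the SQL query.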
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=111271895819594&w=2
http://marc.info/?l=bugtraq&m=111272430128195&w=2
http://www.securityfocus.com/bid/13028
http://www.securityfocus.com/bid/13030
http://www.snailsource.com/forum/dlman.php?func=file_info&file_id=77