CVE-2005-3817
Published 2005-11-26
CVE-2005-3817: Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the…
Priority P341 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.09% (89.5th percentile)
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| softbizscripts | web_hosting_directory_script | <= 1.1 | — |
GHSA
GHSA-hp6g-q29f-jr3v: SQL injection vulnerability in search_result
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2008-2087 [HIGH] CWE-89 GHSA-hp6g-q29f-jr3v: SQL injection vulnerability in search_result
SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.
GHSA
GHSA-7xjp-fxfc-prmh: Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1
ghsa_unreviewed·2022-05-01
CVE-2005-3817 [HIGH] CWE-89 GHSA-7xjp-fxfc-prmh: Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1
Multiple SQL injection vulnerabilities in Softbiz Web Host Directory Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid parameter in search_result.php, (2) sbres_id parameter in review.php, (3) cid parameter in browsecats.php, (4) h_id parameter in email.php, and (5) an unspecified parameter to the search module.
No detection rules found.
Exploit-DB
SoftBizScripts Hosting Script - SQL Injection
exploitdb·2010-04-28
CVE-2005-3817 SoftBizScripts Hosting Script - SQL Injection
---
# Exploit Title: SoftBizScripts Hosting Script SQL Injection Vunerability
# Date: 29-4-2010
# Author: 41.w4r10r
# Vendor Link : http://softbizscripts.com/
# Version: Web Application
# Tested on: Apcahe/Unix
# CVE : [if exists]
# Dork : inurl:"browsecats.php?cid="
# Code :
Exploited Link :
http://[site]m/browsecats.php?cid=2'
example :
http
Exploit-DB
SoftBiz Web Hosting Directory Script 1.1 - 'review.php?sbres_id' SQL Injection
exploitdb·2005-11-24
CVE-2005-3817 SoftBiz Web Hosting Directory Script 1.1 - 'review.php?sbres_id' SQL Injection
---
source: https://www.securityfocus.com/bid/15561/info
Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Version 1.1 and earlier are affected; other versions may also be affected.
http://www.example.com/review.php?sbres_id=[sql]
Exploit-DB
SoftBiz Web Hosting Directory Script 1.1 - 'search_result.php?cid' SQL Injection
exploitdb·2005-11-24
CVE-2005-3817 SoftBiz Web Hosting Directory Script 1.1 - 'search_result.php?cid' SQL Injection
---
source: https://www.securityfocus.com/bid/15561/info
Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Version 1.1 and earlier are affected; other versions may also be affected.
http://www.example.com/search_result.php?cid=[sql]
Exploit-DB
SoftBiz Web Hosting Directory Script 1.1 - 'email.php?h_id' SQL Injection
exploitdb·2005-11-24
CVE-2005-3817 SoftBiz Web Hosting Directory Script 1.1 - 'email.php?h_id' SQL Injection
---
source: https://www.securityfocus.com/bid/15561/info
Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Version 1.1 and earlier are affected; other versions may also be affected.
http://www.example.com/email.php?&h_id=[sql]
Exploit-DB
SoftBiz Web Hosting Directory Script 1.1 - 'browsecats.php?cid' SQL Injection
exploitdb·2005-11-24
CVE-2005-3817 SoftBiz Web Hosting Directory Script 1.1 - 'browsecats.php?cid' SQL Injection
---
source: https://www.securityfocus.com/bid/15561/info
Softbiz Web Host Directory Script is prone to multiple SQL injection vulnerabilities. These issues occur because the application fails to properly sanitize user-supplied input before using it in an SQL query.
Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.
Version 1.1 and earlier are affected; other versions may also be affected.
http://www.example.com/browsecats.php?cid=[sql]
No writeups or analysis indexed.
http://pridels0.blogspot.com/2005/11/web-host-directory-script-multiple.html
http://secunia.com/advisories/17724
http://www.osvdb.org/21079
http://www.osvdb.org/21080
http://www.osvdb.org/21081
http://www.osvdb.org/21082
http://www.osvdb.org/21083
http://www.securityfocus.com/bid/15561
http://www.vupen.com/english/advisories/2005/2557
https://exchange.xforce.ibmcloud.com/vulnerabilities/23208
2005-11-26
Published