Vulnerabilities > CVE-2005-3676 - Unspecified vulnerability in PHPwebthings 1.4.4

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
phpwebthings
exploit available
NVD
Published: 2005-11-18
Updated: 2017-07-11

Summary

SQL injection vulnerability in download.php in PhpWebThings 1.4.4 allows remote attackers to execute arbitrary SQL commands via the file parameter.

Vulnerable Configurations

Part Description Count
Application
Phpwebthings
1

Exploit-Db

descriptionPHPWebThings 1.4 Download.PHP File Parameter SQL Injection Vulnerability. CVE-2005-3676 . Webapps exploit for php platform
idEDB-ID:26500
last seen2016-02-03
modified2005-11-12
published2005-11-12
reporterA.1.M
sourcehttps://www.exploit-db.com/download/26500/
titlePHPWebThings 1.4 Download.PHP File Parameter SQL Injection Vulnerability

References