Vulnerabilities > CVE-2005-4001 - SQL Injection vulnerability in PHPYellowTM
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Exploit-Db
description phpYellowTM 5.33 print_me.php ckey Parameter SQL Injection. CVE-2005-4001. Webapps exploit for php platform id EDB-ID:26714 last seen 2016-02-03 modified 2005-12-03 published 2005-12-03 reporter r0t3d3Vil source https://www.exploit-db.com/download/26714/ title phpYellowTM 5.33 print_me.php ckey Parameter SQL Injection description phpYellowTM 5.33 search_result.php haystack Parameter SQL Injection. CVE-2005-4001 . Webapps exploit for php platform id EDB-ID:26713 last seen 2016-02-03 modified 2005-12-03 published 2005-12-03 reporter r0t3d3Vil source https://www.exploit-db.com/download/26713/ title phpYellowTM 5.33 - search_result.php haystack Parameter SQL Injection