CVE-2005-3052
Description
SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the search field to download.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
Root cause
"Direct interpolation of the unsanitized `$word` variable into a SQL query in `module/down.inc.php` allows SQL injection."
Attack vector
An unauthenticated remote attacker sends a POST/GET request to `download.php` with the `search` field set to a crafted SQL payload (e.g., `a%' UNION SELECT ... FROM admins/*`). The `$word` variable is concatenated into the `LIKE` clause without escaping, enabling classic SQL injection [CWE-89]. The attack requires `magic_quotes_gpc` to be Off [ref_id=1][ref_id=2].
Affected code
The vulnerability resides in `module/down.inc.php`, which is included by `download.php`. The `$word` variable from the `search` field is directly interpolated into the SQL query without sanitization [ref_id=1][ref_id=2].
What the fix does
No patch is included in the bundle. The advisory recommends escaping the `$word` variable before it is used in the SQL query, or using prepared statements to prevent injection [ref_id=1][ref_id=2].
Preconditions
- configmagic_quotes_gpc must be Off
- authNo authentication required
- networkAttacker must be able to send HTTP requests to download.php
- inputThe search field must accept arbitrary input
Generated on Jun 16, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
2News mentions
0No linked articles in our index yet.