Unrated severityNVD Advisory· Published Oct 14, 2005· Updated Jun 16, 2026
CVE-2005-3236
CVE-2005-3236
Description
Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1Patches
Vulnerability mechanics
References
9News mentions
0No linked articles in our index yet.