Unrated severityNVD Advisory· Published Oct 14, 2005· Updated Apr 16, 2026

CVE-2005-3236

Description

Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote attackers to execute arbitrary SQL and obtain administrative access via (1) the fid parameter of newmsg.php, which can enable XSS attacks when the SQL syntax is invalid or (2) the nick parameter of lostpwd.php.

Affected products

Cynox/Cyphor
cpe:2.3:a:cynox:cyphor:0.19:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvd
secunia.com/advisories/17104/nvd
securityreason.com/securityalert/70nvd
securitytracker.com/idnvd
www.osvdb.org/19943nvd
www.osvdb.org/19944nvd
www.osvdb.org/19945nvd
www.securityfocus.com/bid/15047nvd
exchange.xforce.ibmcloud.com/vulnerabilities/22552nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000