Unrated severityNVD Advisory· Published Nov 17, 2005· Updated Apr 16, 2026

CVE-2005-3646

Description

Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.

Affected products

Phpadsnew/Phpadsnew8 versions
cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:*:*:*:*:*:*:*+ 7 more
- cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0.7_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5:*:*:*:*:*:*:*
- cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6:*:*:*:*:*:*:*
Phppgads/Phppgads
cpe:2.3:a:phppgads:phppgads:2.0.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/17464/nvdPatchVendor Advisory
www.securityfocus.com/bid/15385/nvdExploitPatch
www.zone-h.org/en/advisories/read/id=8413/nvdExploitVendor Advisory
secunia.com/advisories/17579nvdVendor Advisory
www.fitsec.com/advisories/FS-05-01.txtnvdVendor Advisory
www.vupen.com/english/advisories/2005/2380nvdVendor Advisory
marc.infonvd
seclists.org/lists/bugtraq/2005/Nov/0189.htmlnvd
securityreason.com/securityalert/171nvd
securityreason.com/securityalert/172nvd
securitytracker.com/idnvd
sourceforge.net/project/shownotes.phpnvd
www.osvdb.org/20744nvd
www.osvdb.org/20745nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23044nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000