Unrated severityNVD Advisory· Published Dec 14, 2005· Updated Apr 16, 2026

CVE-2005-4226

Description

Multiple "potential" SQL injection vulnerabilities in phpWebThings 1.4 Patched might allow remote attackers to execute arbitrary SQL commands via (1) the ref parameter in download.php, (2) the direction, msg, sforum, reason, subname, and toform parameters in forum.php, (3) the msg and forum parameters in forum_edit.php, (4) the msg and forum parameters in forum_write.php, (5) the tekst parameter in guestbook.php, (6) the menuoption parameter in index.php, and the (7) sel_avatar parameter in myaccount.php. NOTE: the forum.php/forum vector is already identified by CVE-2005-3585.

Affected products

Phpwebthings/Phpwebthings
cpe:2.3:a:phpwebthings:phpwebthings:*:*:*:*:*:*:*:*
Range: <=1.4

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/18011/nvdVendor Advisory
glide.stanford.edu/yichen/research/sec.pdfnvd
www.osvdb.org/21650nvd
www.osvdb.org/21651nvd
www.osvdb.org/21652nvd
www.osvdb.org/21653nvd
www.osvdb.org/21654nvd
www.osvdb.org/21655nvd
www.osvdb.org/21656nvd
www.securityfocus.com/archive/1/419280/100/0/threadednvd
www.securityfocus.com/archive/1/419487/100/0/threadednvd
www.vupen.com/english/advisories/2005/2860nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23565nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000