Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-1123-jjsq-xkfd
Vulnerability ID VCID-1123-jjsq-xkfd
Aliases CVE-2005-0413
Summary Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the fid in forum.php, (2) the member parameter in member.php, (3) the email parameter in forgot.php, or (4) the nbuser or nbpass parameters in include.php. NOTE: it was later reported that vector 2 exists in 3.0 and earlier.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
epss 0.02207 https://api.first.org/data/v1/epss?cve=CVE-2005-0413
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2005-0413
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2005-0413
http://seclists.org/lists/bugtraq/2005/Feb/0125.html
http://secunia.com/advisories/14205
http://securitytracker.com/id?1013136
https://exchange.xforce.ibmcloud.com/vulnerabilities/19272
https://exchange.xforce.ibmcloud.com/vulnerabilities/39348
https://www.exploit-db.com/exploits/4822
http://www.securityfocus.com/bid/12501
http://www.securityfocus.com/bid/27083
cpe:2.3:a:myphp_forum:myphp_forum:1.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:myphp_forum:myphp_forum:1.0:*:*:*:*:*:*:*
cpe:2.3:a:myphp_forum:myphp_forum:2.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:myphp_forum:myphp_forum:2.0:*:*:*:*:*:*:*
cpe:2.3:a:myphp_forum:myphp_forum:3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:myphp_forum:myphp_forum:3.0:*:*:*:*:*:*:*
CVE-2005-0413 https://nvd.nist.gov/vuln/detail/CVE-2005-0413
OSVDB-13679;CVE-2005-0413 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/807.txt
Data source Exploit-DB
Date added Feb. 9, 2005
Description MyPHP Forum 1.0 - SQL Injection
Ransomware campaign use Known
Source publication date Feb. 10, 2005
Exploit type webapps
Platform php
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2005-0413
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.84378
EPSS Score 0.02207
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T17:26:46.769406+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2005-0413 38.0.0