CVE-2006-0115

OnePlug CMS - SQL Injection via Press_Release_ID, Service_ID, or Product_ID Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-0115. PoCs published by Preddy.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in OnePlug CMS, where the 'Service_ID' parameter in 'details.asp' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Description

Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.

Exploits (3)

exploitdb WRITEUP VERIFIED
by Preddy · textwebappsasp
https://www.exploit-db.com/exploits/27035

The provided text describes a SQL injection vulnerability in OnePlug CMS, where the 'Service_ID' parameter in 'details.asp' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: OnePlug CMS
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Preddy · textwebappsasp
https://www.exploit-db.com/exploits/27036

The provided text describes a SQL injection vulnerability in OnePlug CMS, where the 'Product_ID' parameter in 'details.asp' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: OnePlug CMS
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Preddy · textwebappsasp
https://www.exploit-db.com/exploits/27034

The provided text describes a SQL injection vulnerability in OnePlug CMS, where the 'Press_Release_ID' parameter in 'details.asp' is not properly sanitized. It lacks actual exploit code, serving only as a vulnerability description.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: OnePlug CMS
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16155
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/0079
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/22249
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/22250
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/18325
Exploit vdb-entry x_refsource_osvdb
http://www.osvdb.org/22248

Scores

EPSS 0.0127
EPSS Percentile 66.1%

Details

CWE
CWE-89
Status published
Products (1)
oneplug_solutions/oneplug_cms
Published Jan 09, 2006
Tracked Since Feb 18, 2026