CVE-2006-0137

Phanatic Softwares Chimera Web Portal System 0.2 - SQL Injection via linkcategory.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-0137. PoCs published by Aliaksandr Hartsuyeu.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Chimera Web Portal by injecting a UNION-based query to retrieve the admin password from the database. The vulnerability arises from insufficient input sanitization in the 'id' parameter of the 'linkcategory.php' script.

Description

SQL injection vulnerability in linkcategory.php in Phanatic Softwares Chimera Web Portal System 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aliaksandr Hartsuyeu · textwebappsphp

https://www.exploit-db.com/exploits/27017

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Chimera Web Portal by injecting a UNION-based query to retrieve the admin password from the database. The vulnerability arises from insufficient input sanitization in the 'id' parameter of the 'linkcategory.php' script.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Chimera Web Portal

No auth needed

Prerequisites: Access to the vulnerable Chimera Web Portal instance

MITRE ATT&CK