CVE-2006-0719
PHP Classifieds 6.18-6.20 - SQL Injection via Username or Password Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-0719. PoCs published by Audun Larsen.
AI-analyzed exploit summary: The exploit demonstrates an SQL injection vulnerability in PHP Classifieds by injecting a malformed email input to bypass authentication. The payload '[email protected]' -- ' is a classic SQL comment-based injection to manipulate the query logic.
Description
SQL injection vulnerability in member_login.php in PHP Classifieds 6.18 through 6.20 allows remote attackers to execute arbitrary SQL commands via the (1) username parameter, which is used by the E-mail address field, and (2) password parameter.