CVE-2006-1330

phpwebsite <= 0.83 - SQL Injection via sid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-1330. PoCs published by DaBDouB-MoSiKaR.

AI-analyzed exploit summary The exploit demonstrates SQL injection in phpWebSite via the 'sid' parameter in friend.php, allowing unauthorized data extraction from the 'users' table. It leverages a UNION-based attack to retrieve sensitive information like usernames and passwords.

Description

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

Exploits (2)

exploitdb WORKING POC VERIFIED
by DaBDouB-MoSiKaR · textwebappsphp
https://www.exploit-db.com/exploits/27448

The exploit demonstrates SQL injection in phpWebSite via the 'sid' parameter in friend.php, allowing unauthorized data extraction from the 'users' table. It leverages a UNION-based attack to retrieve sensitive information like usernames and passwords.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: phpWebSite 0.83 and prior
No auth needed
Prerequisites: Access to the vulnerable phpWebSite instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by DaBDouB-MoSiKaR · textwebappsphp
https://www.exploit-db.com/exploits/27449

The provided text describes a SQL injection vulnerability in phpWebSite versions 0.83 and prior, where user-supplied input is not properly sanitized before being used in SQL queries. The example URL demonstrates how an attacker could exploit this vulnerability by injecting malicious SQL code via the 'sid' parameter.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: phpWebSite <= 0.83
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17150
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1039
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/428156
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/430870/100/0/threaded
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19315
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25328

Scores

EPSS 0.0123
EPSS Percentile 65.1%

Details

CWE
CWE-89
Status published
Products (3)
phpwebsite/phpwebsite 0.7.3
phpwebsite/phpwebsite 0.8.2
phpwebsite/phpwebsite 0.8.3
Published Mar 21, 2006
Tracked Since Feb 18, 2026