CVE-2006-1710

Design Nation DNGuestbook 2.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1710. PoCs published by snatcher.

AI-analyzed exploit summary This advisory details a SQL injection vulnerability in dnGuestbook <= v2.0, allowing an attacker to bypass authentication and retrieve admin credentials via crafted input in the login form and a UNION-based SQL injection in the admin panel.

Description

SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters.

Exploits (1)

exploitdb WRITEUP VERIFIED
by snatcher · textwebappsphp
https://www.exploit-db.com/exploits/1653

This advisory details a SQL injection vulnerability in dnGuestbook <= v2.0, allowing an attacker to bypass authentication and retrieve admin credentials via crafted input in the login form and a UNION-based SQL injection in the admin panel.

Classification
Writeup 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: dnGuestbook <= v2.0
No auth needed
Prerequisites: magic_quotes_gpc = Off in php.ini
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/19601
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1299
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/1653
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17435
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/25699

Scores

EPSS 0.0176
EPSS Percentile 75.1%

Details

Status published
Products (1)
design_nation/dnguestbook 2.0
Published Apr 11, 2006
Tracked Since Feb 18, 2026