CVE-2006-1805

PowerClan 1.14 - SQL Injection via Member ID Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1805. PoCs published by d4igoro.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in PowerClan version 1.14, where the 'memberid' parameter in 'member.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Description

SQL injection vulnerability in member.php in PowerClan 1.14 allows remote attackers to execute arbitrary SQL commands via the memberid parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by d4igoro · textwebappsphp

https://www.exploit-db.com/exploits/27645

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in PowerClan version 1.14, where the 'memberid' parameter in 'member.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: PowerClan 1.14

No auth needed

Prerequisites: Access to the vulnerable 'member.php' endpoint

MITRE ATT&CK