CVE-2006-1852

Article Publisher Pro < 1.0.1 - SQL Injection via category.php cname Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-1852. PoCs published by r0t.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in Article Publisher Pro version 1.0.1, where the 'cname' parameter in 'category.php' is not properly sanitized. It does not include actual exploit code but references the vulnerability details.

Description

SQL injection vulnerability in category.php in Article Publisher Pro 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cname parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by r0t · textwebappsphp

https://www.exploit-db.com/exploits/27677

View Code ZIP pw:eip

The provided text describes a SQL injection vulnerability in Article Publisher Pro version 1.0.1, where the 'cname' parameter in 'category.php' is not properly sanitized. It does not include actual exploit code but references the vulnerability details.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Article Publisher Pro 1.0.1

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

http://pridels0.blogspot.com/2006/04/article-publisher-pro-sql-inj.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/25898

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/24730

Scores

EPSS 0.0111

EPSS Percentile 61.6%

Details

Status published

Products (1)

scriptsfrenzy/article_publisher_pro < 1.0.1

Published Apr 19, 2006

Tracked Since Feb 18, 2026