CVE-2006-2209

PHP Arena paCheckBook 1.1 - SQL Injection via transtype or entry Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2209. PoCs published by almaster.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in Pacheckbook, with example URLs demonstrating unsanitized input in the 'transtype' and 'entry' parameters. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Description

Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by almaster · textwebappsphp

https://www.exploit-db.com/exploits/27808

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in Pacheckbook, with example URLs demonstrating unsanitized input in the 'transtype' and 'entry' parameters. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Pacheckbook (version not specified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK