CVE-2006-2255

Creative Community Portal <= 1.1 - SQL Injection via Multiple Parameters


Exploitation Summary

EIP tracks 6 public exploits for CVE-2006-2255. PoCs published by r0t.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in Creative Community Portal version 1.1, specifically in the PollResults.php file via the 'answer_id' and 'AddVote' parameters. It outlines the vulnerability but does not include executable exploit code.

Description

Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.

Exploits (6)

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/27835

The provided text describes SQL injection vulnerabilities in Creative Community Portal version 1.1, specifically in the PollResults.php file via the 'answer_id' and 'AddVote' parameters. It outlines the vulnerability but does not include executable exploit code.

Classification
Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Creative Community Portal 1.1
No auth needed
Prerequisites: Access to the vulnerable PollResults.php endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/27834

The provided text describes SQL injection vulnerabilities in Creative Community Portal version 1.1, with an example URL demonstrating the injection point. No actual exploit code is included.

Classification
Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Creative Community Portal 1.1
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/27832

The provided text describes a SQL injection vulnerability in Creative Community Portal version 1.1, where the 'forum_id' parameter in DiscView.php is not properly sanitized. It includes a sample exploit URL but lacks actual exploit code.

Classification
Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Creative Community Portal 1.1
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/27833

The provided text describes a SQL injection vulnerability in Creative Community Portal version 1.1, where the 'forum_id' parameter in Discussions.php is not properly sanitized. This allows attackers to manipulate SQL queries, potentially compromising the application or underlying database.

Classification
Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Creative Community Portal 1.1
No auth needed
Prerequisites: Access to the Discussions.php endpoint
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/27836

The provided text describes SQL injection vulnerabilities in Creative Community Portal version 1.1, specifically in the DiscReply.php file via the 'mid' parameter. It lacks executable exploit code but details the vulnerability and potential impact.

Classification
Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Creative Community Portal 1.1
No auth needed
Prerequisites: Access to the vulnerable endpoint · Knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by r0t · text · webapps · php
https://www.exploit-db.com/exploits/27831

The provided text describes SQL injection vulnerabilities in Creative Community Portal version 1.1, but does not include actual exploit code. It references a generic SQLi vector without implementation details.

Classification
Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Creative Community Portal 1.1
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (11)

Core References

http://www.osvdb.org/25308 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_osvdb)
http://secunia.com/advisories/19999 (Exploit, Vendor Advisory; third-party-advisory, x_refsource_secunia)
http://www.osvdb.org/25307 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_osvdb)
http://www.securityfocus.com/bid/17890 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_bid)
http://www.osvdb.org/25309 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_osvdb)
http://www.osvdb.org/25312 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_osvdb)
http://www.osvdb.org/25311 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_osvdb)
http://www.vupen.com/english/advisories/2006/1688 (Third Party Advisory; vdb-entry, x_refsource_vupen)
https://exchange.xforce.ibmcloud.com/vulnerabilities/26313 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_xf)
http://www.osvdb.org/25310 (Third Party Advisory, VDB Entry; vdb-entry, x_refsource_osvdb)

Scores

EPSS 0.0238
EPSS Percentile 81.7%

Details

Status published
Products (1)
creative_software/community_portal 1.1
Published May 09, 2006
Tracked Since Feb 18, 2026