CVE-2006-2300

EImagePro - SQL Injection via CatID, SubjectID, or Pic Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-2300. PoCs published by Dj_Eyes.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in EImagePro, where the 'Pic' parameter in the URL is not properly sanitized. The example URL demonstrates a basic SQLi attempt using a single quote, but no actual exploit code is present.

Description

Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Dj_Eyes · textwebappsphp
https://www.exploit-db.com/exploits/27848

The provided text describes a SQL injection vulnerability in EImagePro, where the 'Pic' parameter in the URL is not properly sanitized. The example URL demonstrates a basic SQLi attempt using a single quote, but no actual exploit code is present.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: EImagePro (version not specified)
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Dj_Eyes · textwebappsasp
https://www.exploit-db.com/exploits/27846

The provided text describes SQL injection vulnerabilities in EImagePro due to unsanitized user input in the 'CatID' parameter. It includes a sample exploit URL but lacks executable code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: EImagePro (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable application endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25332
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/17911
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26343
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25331
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/1749
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20043
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25333

Scores

EPSS 0.0174
EPSS Percentile 74.8%

Details

Status published
Products (1)
keyvan1/eimagepro
Published May 11, 2006
Tracked Since Feb 18, 2026