CVE-2006-2474

cosmoshop < 8.11.106 - SQL Injection via artnum Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-2474. PoCs published by l0om.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Cosmoshop, where the 'artnum' parameter in the URL is not properly sanitized, allowing attackers to inject malicious SQL queries. The example URL demonstrates how an attacker could exploit this vulnerability to manipulate the database.

Description

SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by l0om · textwebappscgi
https://www.exploit-db.com/exploits/27895

The provided text describes an SQL injection vulnerability in Cosmoshop, where the 'artnum' parameter in the URL is not properly sanitized, allowing attackers to inject malicious SQL queries. The example URL demonstrates how an attacker could exploit this vulnerability to manipulate the database.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Cosmoshop
No auth needed
Prerequisites: Access to the vulnerable Cosmoshop application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/20177
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/25649
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/919
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26534
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/18024
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/434368/100/0/threaded

Scores

EPSS 0.0125
EPSS Percentile 65.7%

Details

Status published
Products (2)
cosmoshop/cosmoshop 8.10.78
cosmoshop/cosmoshop < 8.11.106
Published May 19, 2006
Tracked Since Feb 18, 2026