Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-2474. PoCs published by l0om.
AI-analyzed exploit summary
The provided text describes an SQL injection vulnerability in Cosmoshop, where the 'artnum' parameter in the URL is not properly sanitized, allowing attackers to inject malicious SQL queries. The example URL demonstrates how an attacker could exploit this vulnerability to manipulate the database.
Description
SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and earlier allows remote attackers to execute arbitrary SQL commands via the artnum parameter.
Exploits (1)