CVE-2006-2883
Kmita FAQ 1.0 - Cross-Site Scripting via search.php q Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-2883. PoCs published by Luny.
AI-analyzed exploit summary The provided text describes multiple input-validation vulnerabilities in Kmita FAQ, including XSS and SQL injection, but does not contain actual exploit code. It references a generic example URL for XSS exploitation.
Description
Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Luny · textwebappsphp
https://www.exploit-db.com/exploits/27977
The provided text describes multiple input-validation vulnerabilities in Kmita FAQ, including XSS and SQL injection, but does not contain actual exploit code. It references a generic example URL for XSS exploitation.
Classification
Writeup 80%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
Kmita FAQ (version unspecified)
No auth needed
Prerequisites:
Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (7)
Core 7
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/20471
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435982/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2165
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016226
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/26986
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1055
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/18282
Scores
EPSS
0.0191
EPSS Percentile
77.1%
Details
Status
published
Products (1)
kke_info_media/kmita_faq
1.0
Published
Jun 07, 2006
Tracked Since
Feb 18, 2026