CVE-2006-3963

Banex PHP MySQL Banner Exchange 2.21 - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-3963. PoCs published by SirDarckCat.

AI-analyzed exploit summary: The provided text describes SQL injection and remote file inclusion vulnerabilities in PHP MySQL Banner Exchange 2.1, but does not include functional exploit code. It outlines attack vectors without executable payloads.

Description

Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem, or (7) deleteuser parameters to (b) admin.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by SirDarckCat · text webapps php
https://www.exploit-db.com/exploits/28306

The provided text describes SQL injection and remote file inclusion vulnerabilities in PHP MySQL Banner Exchange 2.1, but does not include functional exploit code. It outlines attack vectors without executable payloads.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PHP MySQL Banner Exchange 2.1
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by SirDarckCat · text webapps php
https://www.exploit-db.com/exploits/28307

This is a writeup describing SQL injection and remote file inclusion vulnerabilities in PHP MySQL Banner Exchange 2.1. It provides example URLs demonstrating SQLi vectors but does not include executable exploit code.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PHP MySQL Banner Exchange 2.1
No auth needed
Prerequisites: Access to vulnerable admin.php endpoints
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Mailing List mailing-list x_refsource_fulldisc
http://marc.info/?l=full-disclosure&m=115423462216111&w=2
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/19240

Scores

EPSS 0.0107
EPSS Percentile 60.5%

Details

Status published
Products (1)
banex/banex 2.21
Published Aug 01, 2006
Tracked Since Feb 18, 2026