CVE-2006-4497

IwebNegar 1.1 - SQL Injection via Comments.php id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4497. PoCs published by Hessam-x.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in IwebNegar 1.1, where the 'id' parameter in comments.php is not properly sanitized. This allows attackers to manipulate SQL queries via crafted input.

Description

SQL injection vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Hessam-x · textwebappsphp

https://www.exploit-db.com/exploits/28441

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in IwebNegar 1.1, where the 'id' parameter in comments.php is not properly sanitized. This allows attackers to manipulate SQL queries via crafted input.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: IwebNegar 1.1

No auth needed

Prerequisites: Access to the vulnerable comments.php endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/28665

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/19757

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/444744/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/1480

Scores

EPSS 0.0108

EPSS Percentile 60.7%

Details

Status published

Products (1)

iwebnegar/iwebnegar 1.1

Published Aug 31, 2006

Tracked Since Feb 18, 2026