Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-4601. PoCs published by DarkFig.
AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Annuaire 1Two 2.2 by injecting a UNION SELECT query to extract admin credentials (username and password) from the database without requiring authentication.
Description
SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by DarkFig · perlwebappsphp
https://www.exploit-db.com/exploits/2289
This Perl script exploits a SQL injection vulnerability in Annuaire 1Two 2.2 by injecting a UNION SELECT query to extract admin credentials (username and password) from the database without requiring authentication.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Annuaire 1Two 2.2
No auth needed
Prerequisites:
Target must be running Annuaire 1Two 2.2 · Network access to the target web application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (7)
Core 7
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19817
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21734
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1496
Exploit x_refsource_misc
http://acid-root.new.fr/poc/09060902.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/28730
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/445010/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3440
Scores
EPSS
0.0126
EPSS Percentile
65.8%
Details
Status
published
Products (1)
annuaire/1two
2.2
Published
Sep 07, 2006
Tracked Since
Feb 18, 2026