CVE-2006-4606
Longino Jacome php-Revista 1.1.2 - SQL Injection via Multiple Parameters
Exploitation Summary
EIP tracks 2 public exploits for CVE-2006-4606. PoCs published by SirDarckCat, Cold Zero.
AI-analyzed exploit summary: This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.
Description
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter in autor.php, the (4) email parameter in lista.php, and the (5) id_articulo parameter in articulo.php.
Exploits (2)
This is a writeup detailing multiple vulnerabilities in Revista 1.1.2, including Remote File Inclusion, SQL Injection, Credentials Bypass, and XSS. It provides URLs for exploitation but lacks executable code.
This exploit demonstrates SQL injection vulnerabilities in php-revista <= 1.1.2, allowing attackers to extract sensitive information such as email, login, and password from the 'autores' table. The exploit provides multiple endpoints and styles for execution.