CVE-2006-4957

MyReview 1.9.4 - SQL Injection via Admin.php Email Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-4957. PoCs published by STILPU.

AI-analyzed exploit summary: This exploit targets a SQL injection vulnerability in MyReview 1.9.4, allowing an attacker to write a PHP shell to the server's filesystem. The exploit first retrieves the local path via error-based SQL injection, then writes a shell to a writable directory, and finally provides a command execution interface.

Description

SQL injection vulnerability in the GetMember function in functions.php in MyReview 1.9.4 allows remote attackers to execute arbitrary SQL commands via the email parameter to Admin.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by STILPU · python · webapps · php
https://www.exploit-db.com/exploits/2397

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: MyReview 1.9.4
No auth needed
Prerequisites: Error messages must be displayed to retrieve the local path · FILES/ directory must be writable
mistral-large-3 · analyzed Feb 16, 2026

References (5)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20105
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2397
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/21991
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29029
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3716

Scores

EPSS 0.0109
EPSS Percentile 61.2%

Details

Status published
Products (1)
the_myreview_system/myreview 1.9.4
Published Sep 23, 2006
Tracked Since Feb 18, 2026