Exploitation Summary
EIP tracks 1 public exploit for CVE-2006-5398. PoCs published by w4ck1ng.
AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Simplog 0.9.3.1, allowing an attacker to extract admin credentials (username and MD5 password hash) by manipulating the 'cid' parameter in the comments.php script.
Description
SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by w4ck1ng · phpwebappsphp
https://www.exploit-db.com/exploits/2574
This exploit targets a SQL injection vulnerability in Simplog 0.9.3.1, allowing an attacker to extract admin credentials (username and MD5 password hash) by manipulating the 'cid' parameter in the comments.php script.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Simplog 0.9.3.1
No auth needed
Prerequisites:
At least one blog entry must exist · Target must be running Simplog 0.9.3.1
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://www.simplog.org/archive.php?blogid=1&pid=57
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/2574
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20556
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1017087
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449092/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29590
Scores
EPSS
0.0127
EPSS Percentile
65.9%
Details
Status
published
Products (1)
simplog/simplog
0.9.3.1
Published
Oct 18, 2006
Tracked Since
Feb 18, 2026