CVE-2006-5566

Shop-Script - HTTP Response Splitting

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5566. PoCs published by Debasis Mohanty.

AI-analyzed exploit summary This exploit demonstrates an HTTP response-splitting vulnerability in Shop-Script by injecting arbitrary headers via unsanitized user input. The attacker manipulates the `links_exchange` parameter to inject a custom header, which is reflected in the server's response.

Description

CRLF injection vulnerability in premium/index.php in Shop-Script allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the (1) links_exchange, (2) news, (3) search_with_change_category_ability, (4) logging, (5) feedback, (6) show_price, (7) register, (8) answer, (9) productID, and (10) inside parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Debasis Mohanty · textwebappsphp
https://www.exploit-db.com/exploits/28845

This exploit demonstrates an HTTP response-splitting vulnerability in Shop-Script by injecting arbitrary headers via unsanitized user input. The attacker manipulates the `links_exchange` parameter to inject a custom header, which is reflected in the server's response.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Shop-Script (version not specified)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22541
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449499/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4219
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20685
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1791

Scores

EPSS 0.0220
EPSS Percentile 80.2%

Details

Status published
Products (1)
webasyst_llc/shop-script
Published Oct 27, 2006
Tracked Since Feb 18, 2026