CVE-2006-5707

PHPEasyData Pro 1.4.1 and 2.2.1 - SQL Injection via Cat Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5707. PoCs published by ajann.

AI-analyzed exploit summary This is a functional SQL injection exploit for PHPEasyData Pro 2.2.2, targeting the 'index.php' file to extract user credentials via a crafted UNION-based SQL query. The exploit automates the attack via an ASP script and displays the retrieved username and password.

Description

SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and 2.2.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · webappsphp

https://www.exploit-db.com/exploits/2675

View Code ZIP pw:eip

This is a functional SQL injection exploit for PHPEasyData Pro 2.2.2, targeting the 'index.php' file to extract user credentials via a crafted UNION-based SQL query. The exploit automates the attack via an ASP script and displays the retrieved username and password.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHPEasyData Pro 2.2.2

No auth needed

Prerequisites: Target URL with vulnerable PHPEasyData Pro installation · User ID to query

MITRE ATT&CK