CVE-2006-5732

T.G.S. CMS < 0.1.7 - SQL Injection via myauthorid Cookie

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5732. PoCs published by Kacper.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in T.G.S. CMS <= 0.1.7 by injecting a malicious SQL query via the 'myauthorid' cookie, creating a new admin user with known credentials.

Description

SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Kacper · phpwebappsphp
https://www.exploit-db.com/exploits/2694

This exploit demonstrates a SQL injection vulnerability in T.G.S. CMS <= 0.1.7 by injecting a malicious SQL query via the 'myauthorid' cookie, creating a new admin user with known credentials.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: T.G.S. CMS <= 0.1.7
No auth needed
Prerequisites: Target server running T.G.S. CMS <= 0.1.7 · Network access to the target server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/20850
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29941
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4667
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2694

Scores

EPSS 0.0101
EPSS Percentile 58.6%

Details

Status published
Products (1)
tgs_cms/tgs_cms < 0.1.7
Published Nov 06, 2006
Tracked Since Feb 18, 2026