CVE-2006-5772

freewebshop < 2.2.1 - SQL Injection via Password or Prod Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5772. PoCs published by Spiked.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in FreeWebShop 2.2.x, including SQL injection for authentication bypass, file disclosure, and arbitrary file creation leading to remote code execution. It provides clear, functional payloads for each attack vector.

Description

Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Spiked · text · webapps · php
https://www.exploit-db.com/exploits/2704

Classification: Working PoC (100%)
Attack Type: SQLi | Auth Bypass | Info Leak | RCE
Complexity: Trivial
Reliability: Reliable
Target: FreeWebShop 2.2.x (and possibly lower)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 18, 2026

References (5)

Core References
Third Party Advisory · vdb-entry · x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4332
Various Sources · x_refsource_confirm
http://www.freewebshop.org/index.php?id=27
Exploit, Third Party Advisory · exploit · x_refsource_exploit-db
https://www.exploit-db.com/exploits/2704
Vendor Advisory · third-party-advisory · x_refsource_secunia
http://secunia.com/advisories/22664
Third Party Advisory, VDB Entry · vdb-entry · x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29990

Scores

EPSS: 0.0112
EPSS Percentile: 61.9%

Details

Status: published
Products (1): freewebshop/freewebshop < 2.2.1
Published: Nov 06, 2006
Tracked Since: Feb 18, 2026