CVE-2006-5914

SAMEDIA LandShop - SQL Injection via ls.php infield Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-5914. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in LandShop software, detailing multiple attack vectors via unsanitized input parameters. It does not include executable exploit code but outlines potential injection points.

Description

SQL injection vulnerability in ls.php in SAMEDIA LandShop allows remote attackers to execute arbitrary SQL commands via the infield parameter. NOTE: the start, search_order, search_type, and search_area parameters are already covered by CVE-2005-4018.

Exploits (1)

exploitdb WRITEUP VERIFIED

by laurent gaffie · textwebappsphp

https://www.exploit-db.com/exploits/28951

View Code ZIP pw:eip

The provided text describes SQL injection vulnerabilities in LandShop software, detailing multiple attack vectors via unsanitized input parameters. It does not include executable exploit code but outlines potential injection points.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: LandShop (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK