CVE-2006-5957

infinicart - SQL Injection via groupid, productid, catid, or subid Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-5957. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes SQL injection and HTML injection vulnerabilities in Infinicart's demonstration version. It outlines potential impacts but does not include functional exploit code.

Description

Multiple SQL injection vulnerabilities in INFINICART allow remote attackers to execute arbitrary SQL commands via the (1) groupid parameter in (a) browse_group.asp, (2) productid parameter in (b) added_to_cart.asp, and (3) catid and (4) subid parameter in (c) browsesubcat.asp. NOTE: the vendor has disputed this report, saying "The vulnerabilities mentioned were never present in our official released products but only in the unofficial demo version. However we do appreciate the information. We have update our demo version and made sure all those vulnerabilities are fixed.

Exploits (3)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/28992

The provided text describes SQL injection and HTML injection vulnerabilities in Infinicart's demonstration version. It outlines potential impacts but does not include functional exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Infinicart (demonstration version)
No auth needed
Prerequisites: Access to the vulnerable Infinicart demonstration version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/28994

The provided text describes SQL injection vulnerabilities in Infinicart's demonstration version, specifically in the 'browsesubcat.asp' page via the 'catid' and 'subid' parameters. It lacks actual exploit code but details the vulnerability and affected endpoints.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Infinicart (demonstration version only)
No auth needed
Prerequisites: Access to the vulnerable 'browsesubcat.asp' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/28993

The provided text describes SQL injection and HTML injection vulnerabilities in Infinicart's demonstration version. It outlines potential impacts but does not include executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Infinicart (demonstration version)
No auth needed
Prerequisites: Access to the vulnerable Infinicart demo application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4501
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22865
Third Party Advisory mailing-list x_refsource_vim
http://www.attrition.org/pipermail/vim/2006-December/001162.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21043
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451322/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1881

Scores

EPSS 0.0118
EPSS Percentile 63.7%

Details

CWE
CWE-89
Status published
Products (1)
infinicart/infinicart
Published Nov 17, 2006
Tracked Since Feb 18, 2026