CVE-2006-6067
20/20 DataShed - SQL Injection via itemID, peopleID, or sort_order Parameters
Title source: llm
Exploitation Summary
EIP tracks 2 public exploits for CVE-2006-6067. PoCs published by Laurent Gaffie.
AI-analyzed exploit summary
The provided text describes SQL injection vulnerabilities in 20/20 DataShed version 1.0, where user-supplied input in the 'peopleID' and 'sort_order' parameters is not properly sanitized. Exploitation could lead to database manipulation or access to sensitive data.
Description
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (3) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
Exploits (2)
The provided text describes SQL injection vulnerabilities in 20/20 DataShed version 1.0, where user-supplied input in the 'peopleID' and 'sort_order' parameters is not properly sanitized. Exploitation could lead to database manipulation or access to sensitive data.
The provided text describes a SQL injection vulnerability in 20/20 DataShed version 1.0, where the 'strPeopleID' and 'itemID' parameters in 'f-email.asp' are not properly sanitized. It includes a basic example URL to demonstrate the vulnerability but lacks executable exploit code.