CVE-2006-6094

ActiveNews Manager - SQL Injection via catID, articleID, or query Parameter


Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6094. PoCs published by laurent gaffie.

AI-analyzed exploit summary: The provided text describes SQL injection and XSS vulnerabilities in Active News Manager, but lacks actual exploit code. It references a URL parameter vulnerable to SQL injection without demonstrating exploitation.

Description

Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to activenews_search.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · asp
https://www.exploit-db.com/exploits/29090

The provided text describes SQL injection and XSS vulnerabilities in Active News Manager, but lacks actual exploit code. It references a URL parameter vulnerable to SQL injection without demonstrating exploitation.

Classification: Writeup 80%
Attack Type: Sqli | Xss
Complexity: Trivial
Reliability: Theoretical
Target: Active News Manager (version unspecified)
No auth needed
Prerequisites: Network access to the target application · Vulnerable parameter in the URL
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · asp
https://www.exploit-db.com/exploits/29089

The provided text describes SQL injection and XSS vulnerabilities in Active News Manager but lacks actual exploit code. It references a generic example URL for SQL injection without technical details or payloads.

Classification: Writeup 90%
Attack Type: Sqli | Xss
Complexity: Trivial
Reliability: Theoretical
Target: Active News Manager (version unspecified)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

References (13)

Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21167
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/30520
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1910
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4600
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/30518
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452015
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=116388432326444&w=2
Broken Link, Exploit, Vendor Advisory, URL Repurposed x_refsource_misc
http://s-a-p.ca/index.php?page=OurAdvisories&id=31
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451884/100/100/threaded
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/30519
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30352
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22981

Scores

EPSS: 0.0348
EPSS Percentile: 87.6%

Details

CWE: CWE-89
Status: published
Products (1): dotnetindex/active_news_manager
Published: Nov 24, 2006
Tracked Since: Feb 18, 2026