CVE-2006-6095

ActiveNews Manager - SQL Injection via articleID or page Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6095. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in Active News Manager but lacks actual exploit code. It references a generic example URL for SQL injection without technical details or payloads.

Description

Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp vectors are already covered by CVE-2006-6094.

Exploits (2)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29087

The provided text describes SQL injection and XSS vulnerabilities in Active News Manager but lacks actual exploit code. It references a generic example URL for SQL injection without technical details or payloads.

Classification
Writeup 80%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: Active News Manager (version unspecified)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29086

The provided text describes SQL injection and XSS vulnerabilities in Active News Manager but does not include functional exploit code. It references a generic example URL for SQL injection without payload details.

Classification
Writeup 80%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Theoretical
Target: Active News Manager (version unspecified)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21167
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/31569
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=116387481223790&w=2
Broken Link vdb-entry x_refsource_osvdb
http://www.osvdb.org/31568
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30352

Scores

EPSS 0.0137
EPSS Percentile 68.4%

Details

CWE
CWE-89
Status published
Products (1)
dotnetindex/active_news_manager
Published Nov 24, 2006
Tracked Since Feb 18, 2026