CVE-2006-6109

CandyPress Store 3.5.2.14 - SQL Injection via Policy or Brand Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6109. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in CandyPress Store version 3.5.2.14, where the 'brand' parameter in 'prodList.asp' is not properly sanitized. It includes a sample exploit URL but lacks actual exploit code or proof-of-concept implementation.

Description

Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29038

The provided text describes a SQL injection vulnerability in CandyPress Store version 3.5.2.14, where the 'brand' parameter in 'prodList.asp' is not properly sanitized. It includes a sample exploit URL but lacks actual exploit code or proof-of-concept implementation.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: CandyPress Store 3.5.2.14
No auth needed
Prerequisites: Access to the vulnerable endpoint · Basic knowledge of SQL injection techniques
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29037

The provided text describes a SQL injection vulnerability in CandyPress Store version 3.5.2.14, where the 'policy' parameter in 'openPolicy.asp' is not properly sanitized. It includes a sample exploit URL but lacks actual exploit code or payload details.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: CandyPress Store 3.5.2.14
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30346
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21090/info
Exploit third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22954
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=116372253323469&w=2
Not Applicable vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4577
Broken Link, URL Repurposed x_refsource_misc
http://s-a-p.ca/index.php?page=OurAdvisories&id=25

Scores

EPSS 0.0138
EPSS Percentile 68.5%

Details

CWE
CWE-89
Status published
Products (1)
candypress/candypress_store 3.5.2.14
Published Nov 26, 2006
Tracked Since Feb 18, 2026