CVE-2006-6152

vSpin.net Classified System 2004 - SQL Injection via cat Parameter or search.asp Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6152. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in vSpin Classified System, detailing multiple attack vectors via the 'search.asp' endpoint. It does not contain executable exploit code but outlines injection points for manual exploitation.

Description

Multiple SQL injection vulnerabilities in vSpin.net Classified System 2004 allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to (a) cat.asp, or the (2) keyword, (3) order, (4) sort, (5) menuSelect, or (6) state parameter to (b) search.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29104

The provided text describes SQL injection vulnerabilities in vSpin Classified System, detailing multiple attack vectors via the 'search.asp' endpoint. It does not contain executable exploit code but outlines injection points for manual exploitation.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: vSpin Classified System
No auth needed
Prerequisites: Access to the vulnerable 'search.asp' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29103

The provided text describes SQL injection and XSS vulnerabilities in vSpin Classified System due to insufficient input sanitization. It includes a basic example URL for SQL injection but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: vSpin Classified System
No auth needed
Prerequisites: Access to the vulnerable application URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (7)

Core 7
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22987
URL Repurposed x_refsource_misc
http://s-a-p.ca/index.php?page=OurAdvisories&id=47
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017259
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1926
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21190
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30444
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/452179/100/100/threaded

Scores

EPSS 0.0123
EPSS Percentile 64.9%

Details

Status published
Products (1)
vspin.net/classified_system 2004
Published Nov 28, 2006
Tracked Since Feb 18, 2026