CVE-2006-6160

Liberum Help Desk <= 0.97.3 - SQL Injection via details.asp id Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6160. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Liberum Help Desk <= 0.97.3 via the 'id' parameter in details.asp. The example shows how to update all user passwords to a known value ('kro').

Description

SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · textwebappsasp

https://www.exploit-db.com/exploits/2846

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Liberum Help Desk <= 0.97.3 via the 'id' parameter in details.asp. The example shows how to update all user passwords to a known value ('kro').

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Liberum Help Desk <= 0.97.3

No auth needed

Prerequisites: Access to the details.asp page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21292

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/30485

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/4704

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2846

Scores

EPSS 0.0099

EPSS Percentile 57.9%

Details

Status published

Products (1)

doug_luxem/liberum_help_desk 0.97.3

Published Nov 28, 2006

Tracked Since Feb 18, 2026