CVE-2006-6298

Metyus Okul Yonetim Sistemi 1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6298. PoCs published by ShaFuck31.

AI-analyzed exploit summary This is a simple HTML form demonstrating an SQL injection vulnerability in Metyus Okul Yonetim Sistemi. The form submits crafted input to bypass authentication by injecting SQL conditions into the username and password fields.

Description

SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ShaFuck31 · htmlwebappsasp
https://www.exploit-db.com/exploits/29220

This is a simple HTML form demonstrating an SQL injection vulnerability in Metyus Okul Yonetim Sistemi. The form submits crafted input to bypass authentication by injecting SQL conditions into the username and password fields.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Metyus Okul Yonetim Sistemi
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/453419/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30705
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1971
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21418

Scores

EPSS 0.0099
EPSS Percentile 58.1%

Details

Status published
Products (1)
maxiasp/yonetimi 1.0
Published Dec 05, 2006
Tracked Since Feb 18, 2026