CVE-2006-6387

LINK Content Management Server - SQL Injection via IDMeniGlavni or IDStranicaPodaci Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-6387. PoCs published by Ivan Markovic.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in Link CMS due to insufficient input sanitization. It includes a sample exploit URL but lacks executable code.

Description

Multiple SQL injection vulnerabilities in LINK Content Management Server (CMS) allow remote attackers to execute arbitrary SQL commands via the (1) IDMeniGlavni parameter to navigacija.php, and the (2) IDStranicaPodaci parameter to prikazInformacije.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Ivan Markovic · textwebappsphp

https://www.exploit-db.com/exploits/29233

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in Link CMS due to insufficient input sanitization. It includes a sample exploit URL but lacks executable code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Link CMS (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable Link CMS application

MITRE ATT&CK

T1059.007 - JavaScript T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Ivan Markovic · textwebappsphp

https://www.exploit-db.com/exploits/29232

View Code ZIP pw:eip

The provided text describes multiple input-validation vulnerabilities in Link CMS, including SQL injection and XSS, due to insufficient sanitization of user-supplied data. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification

Writeup 80%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Link CMS (version unspecified)

No auth needed

Prerequisites: Access to the vulnerable Link CMS application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21464

Exploit third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23107

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/30744

Scores

EPSS 0.0099

EPSS Percentile 58.1%

Details

Status published

Products (1)

link_content_management_server/link_content_management_server

Published Dec 08, 2006

Tracked Since Feb 18, 2026