CVE-2006-6521

Messageriescripthp 2.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6521. PoCs published by Mr_KaLiMaN.

AI-analyzed exploit summary The provided text describes SQL injection and XSS vulnerabilities in Messageriescripthp V2.0, with an example URL demonstrating the SQL injection point. No actual exploit code is included.

Description

SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mr_KaLiMaN · textwebappsphp

https://www.exploit-db.com/exploits/29242

View Code ZIP pw:eip

The provided text describes SQL injection and XSS vulnerabilities in Messageriescripthp V2.0, with an example URL demonstrating the SQL injection point. No actual exploit code is included.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: Messageriescripthp V2.0

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/2026

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21513

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23319

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/453965/100/0/threaded

Scores

EPSS 0.0099

EPSS Percentile 58.0%

Details

Status published

Products (1)

scriptphp/messageriescripthp 2.0

Published Dec 14, 2006

Tracked Since Feb 18, 2026