CVE-2006-6559

Lotfian Request For Travel 1.0 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6559. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Request For Travel 1.0 via the ProductDetails.asp page. The PoC shows how to manipulate the NewsTitle field in the gtsNews table by injecting SQL queries through the PID parameter.

Description

SQL injection vulnerability in ProductDetails.asp in Lotfian Request For Travel 1.0 allows remote attackers to execute arbitrary SQL commands via the PID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ajann · textwebappsasp
https://www.exploit-db.com/exploits/2908

This exploit demonstrates a SQL injection vulnerability in Request For Travel 1.0 via the ProductDetails.asp page. The PoC shows how to manipulate the NewsTitle field in the gtsNews table by injecting SQL queries through the PID parameter.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Request For Travel 1.0
No auth needed
Prerequisites: Access to the ProductDetails.asp page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4933
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2908
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30836

Scores

EPSS 0.0102
EPSS Percentile 58.9%

Details

Status published
Products (1)
lotfian/request_for_travel 1.0
Published Dec 14, 2006
Tracked Since Feb 18, 2026