CVE-2006-6709

MGinternet Property Site Manager - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 3 public exploits for CVE-2006-6709. PoCs published by laurent gaffie.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in MGinternet Property Site Manager, with example URLs demonstrating unsanitized input. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Description

Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. NOTE: some of these details are obtained from third party information.

Exploits (3)

exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29030

The provided text describes SQL injection vulnerabilities in MGinternet Property Site Manager, with example URLs demonstrating unsanitized input. No actual exploit code is present, only a vulnerability description and proof-of-concept URLs.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: MGinternet Property Site Manager
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29029

The provided text describes SQL injection and XSS vulnerabilities in MGinternet Property Site Manager due to insufficient input sanitization. It includes a basic example URL for SQL injection but lacks executable exploit code.

Classification
Writeup 80%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: MGinternet Property Site Manager
No auth needed
Prerequisites: Access to the vulnerable application endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by laurent gaffie · textwebappsasp
https://www.exploit-db.com/exploits/29031

The provided text describes an SQL injection vulnerability in MGinternet Property Site Manager, allowing authentication bypass via crafted credentials. No actual exploit code is present, only a description and example payload.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: MGinternet Property Site Manager
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451565
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21073
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30289
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2078
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30291

Scores

EPSS 0.0103
EPSS Percentile 59.3%

Details

Status published
Products (1)
mginternet/property_site_manager
Published Dec 23, 2006
Tracked Since Feb 18, 2026