CVE-2006-6776

Future Internet - SQL Injection via newsId, categoryid, or langId Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6776. PoCs published by Linux_Drox.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in Future Internet software due to insufficient input sanitization. It includes example URLs demonstrating vulnerable parameters but lacks executable exploit code.

Description

Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Linux_Drox · text · webapps · cfm
https://www.exploit-db.com/exploits/29334

Classification: Writeup 90%
Attack Type: Sqli
Complexity: Trivial
Reliability: Theoretical
Target: Future Internet (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455206/100/0/threaded
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2061
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21727

Scores

EPSS 0.0098
EPSS Percentile 57.7%

Details

Status published
Products (1)
future_internet/future_internet
Published Dec 28, 2006
Tracked Since Feb 18, 2026