CVE-2006-6787

Newsletter MX <1.0.2 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6787. PoCs published by ajann.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Newsletter MX <= 1.0.2 by injecting a UNION-based query to extract admin credentials from the database. It requires user input for the target directory and user ID to craft the malicious request.

Description

SQL injection vulnerability in admin/admin_mail_adressee.asp in Newsletter MX 1.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsasp

https://www.exploit-db.com/exploits/2998

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Newsletter MX <= 1.0.2 by injecting a UNION-based query to extract admin credentials from the database. It requires user input for the target directory and user ID to craft the malicious request.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Newsletter MX <= 1.0.2

No auth needed

Prerequisites: Target URL · Admin user ID

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/21746

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/5175

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2998

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23510

Scores

EPSS 0.0108

EPSS Percentile 60.7%

Details

Status published

Products (1)

mxmania/newsletter_mx < 1.0.2

Published Dec 28, 2006

Tracked Since Feb 18, 2026