CVE-2006-6806

Enthrallweb eMates 1.0 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6806. PoCs published by ajann.

AI-analyzed exploit summary This Perl script exploits a SQL injection vulnerability in Enthrallweb emates 1.0 via the 'newsdetail.asp' page to extract admin credentials. It crafts a malicious SQL query to dump the username and password from the admin table.

Description

SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · perlwebappsasp

https://www.exploit-db.com/exploits/2990

View Code ZIP pw:eip

This Perl script exploits a SQL injection vulnerability in Enthrallweb emates 1.0 via the 'newsdetail.asp' page to extract admin credentials. It crafts a malicious SQL query to dump the username and password from the admin table.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Enthrallweb emates 1.0

No auth needed

Prerequisites: Target must be running Enthrallweb emates 1.0 with exposed 'newsdetail.asp' page

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2990

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/5158

Exploit, Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/23521

Scores

EPSS 0.0102

EPSS Percentile 58.7%

Details

Status published

Products (1)

enthrallweb/emates 1.0

Published Dec 28, 2006

Tracked Since Feb 18, 2026