CVE-2006-6941

FreeWebshop <2.2.2 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6941. PoCs published by Spiked.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in FreeWebShop 2.2.x, including SQL injection for authentication bypass, file disclosure, and arbitrary file creation leading to remote code execution. It provides clear, functional payloads for each attack vector.

Description

index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to obtain sensitive information via an invalid action parameter in an info operation, which discloses the path in an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Spiked · text · webapps · php
https://www.exploit-db.com/exploits/2704

Classification: Working PoC 100%
Attack Type: SQLi | Auth Bypass | Info Leak | RCE
Complexity: Trivial
Reliability: Reliable
Target: FreeWebShop 2.2.x (and possibly lower)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 18, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2704
Patch x_refsource_confirm
http://www.freewebshop.org/?id=27

Scores

EPSS 0.0228
EPSS Percentile 80.8%

Details

Status published
Products (1)
freewebshop/freewebshop < 2.2.2
Published Jan 19, 2007
Tracked Since Feb 18, 2026