CVE-2006-7005

PSY Auction - SQL Injection via item.php id Parameter

Title source: llm
Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-7005. PoCs published by Luny.

AI-analyzed exploit summary: The provided text describes SQL injection and HTML injection vulnerabilities in PSY Auction due to improper input sanitization. It includes a basic example URL demonstrating SQL injection but lacks executable exploit code.

Description

SQL injection vulnerability in item.php in PSY Auction allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Luny · text · webapps · php
https://www.exploit-db.com/exploits/27869

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: PSY Auction (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

Scores

EPSS: 0.0093
EPSS Percentile: 55.8%

Details

Status: published
Products (1): php_script_tools/psy_auction
Published: Feb 12, 2007
Tracked Since: Feb 18, 2026