CVE-2006-7170

Koan Software Mega Mall - SQL Injection via Multiple Parameters

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-7170. PoCs published by laurent gaffie.

AI-analyzed exploit summary: The provided text describes SQL injection vulnerabilities in Mega Mall, detailing multiple attack vectors via unsanitized user input in the 'product_review.php' script. It does not include executable exploit code but outlines the vulnerable parameters.

Description

Multiple SQL injection vulnerabilities in Koan Software Mega Mall allow remote attackers to execute arbitrary SQL commands via the (1) t, (2) productId, (3) sk, (4) x, or (5) so parameter to (a) product_review.php; or the (6) orderNo parameter to (b) order-track.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/29026

The provided text describes SQL injection vulnerabilities in Mega Mall, detailing multiple attack vectors via unsanitized user input in the 'product_review.php' script. It does not include executable exploit code but outlines the vulnerable parameters.

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Mega Mall (version not specified)
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by laurent gaffie · text · webapps · php
https://www.exploit-db.com/exploits/29027

The provided text describes a SQL injection vulnerability in Mega Mall, specifically in the 'order-track.php' endpoint. It lacks executable exploit code but outlines the vulnerability and potential impact.

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Theoretical
Target: Mega Mall (version not specified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21072
Third Party Advisory mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=116343783720459&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/30214

Scores

EPSS 0.0128
EPSS Percentile 66.2%

Details

CWE CWE-89
Status published
Products (1)
koan_software/mega_mall
Published Mar 20, 2007
Tracked Since Feb 18, 2026