SQL Injection Vulnerability in Discuz! GBK by Comsenz
CVE-2006-5561

Currently unrated

Key Information:

Vendor: Discuz
Status: Discuz Gbk
Vendor: CVE Published:; 27 October 2006

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-5561?

An SQL injection vulnerability exists in the admin control panel of Discuz! GBK 5.0.0, allowing remote attackers to manipulate database queries. This is executed through the 'cdb_auth' cookie, enabling unauthorized access to sensitive information or the execution of arbitrary SQL commands.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-5561 - Proof of Concept

References

http://secunia.com/advisories/22534

third-party-advisoryx_refsource_SECUNIA

https://www.exploit-db.com/exploits/2644

exploitx_refsource_EXPLOIT-DB

http://www.vupen.com/english/advisories/2006/4210

vdb-entryx_refsource_VUPEN

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Oct 27, 2006
👾
Exploit known to exist
Oct 27, 2006
Vulnerability published
Oct 27, 2006
Vulnerability Reserved
Oct 27, 2006

CVE-2006-5561 Data

JSON