SQL Injection Vulnerability in Powie's PHP MatchMaker
CVE-2006-6039

Currently unrated

Key Information:

Vendor: Powie
Status: PHP Matchmaker
Vendor: CVE Published:; 22 November 2006

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2006-6039?

An SQL injection vulnerability exists in the matchdetail.php file of Powie's PHP MatchMaker versions 4.05 and earlier. This security flaw permits remote attackers to craft requests that execute arbitrary SQL commands, potentially compromising the integrity and confidentiality of the system's database. By manipulating the 'edit' parameter, attackers can interact with the database in unauthorized ways, leading to potential data exposure or loss.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-6039 - Proof of Concept

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/30360

vdb-entryx_refsource_XF

http://www.vupen.com/english/advisories/2006/4611

vdb-entryx_refsource_VUPEN

http://secunia.com/advisories/22966

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 22, 2006
👾
Exploit known to exist
Nov 22, 2006
Vulnerability published
Nov 22, 2006
Vulnerability Reserved
Nov 21, 2006

CVE-2006-6039 Data

JSON