CVE-2006-6029
published 2006-11-21CVE-2006-6029: SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
PriorityP340high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.18%
63.7th percentile
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| property_pro | property_pro | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Property Pro 1.0 Login vir_login.asp sql injection (EDB-2774 / BID-24992)
vuldb·2026-04-28·CVSS 7.5
CVE-2006-6029 [HIGH] Property Pro 1.0 Login vir_login.asp sql injection (EDB-2774 / BID-24992)
A vulnerability was found in Property Pro 1.0 and classified as critical. This vulnerability affects unknown code of the file vir_login.asp of the component Login. The manipulation results in sql injection.
This vulnerability is identified as CVE-2006-6029. The attack can be executed remotely. Additionally, an exploit exists.
GHSA
GHSA-wcjj-mhx4-9fv6: SQL injection vulnerability in vir_Login
ghsa_unreviewed·2022-05-01
CVE-2006-6029 [HIGH] GHSA-wcjj-mhx4-9fv6: SQL injection vulnerability in vir_Login
SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the UserName field.
GHSA
GHSA-4332-wp3g-6j7g: SQL injection vulnerability in vir_login
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2007-3992 [HIGH] GHSA-4332-wp3g-6j7g: SQL injection vulnerability in vir_login
SQL injection vulnerability in vir_login.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
No detection rules found.
No writeups or analysis indexed.
http://securityreason.com/securityalert/1894http://www.securityfocus.com/archive/1/451364/100/100/threadedhttp://www.securityfocus.com/archive/1/474321/100/0/threadedhttp://www.securityfocus.com/bid/24992http://securityreason.com/securityalert/1894http://www.securityfocus.com/archive/1/451364/100/100/threadedhttp://www.securityfocus.com/archive/1/474321/100/0/threadedhttp://www.securityfocus.com/bid/24992
2006-11-21
Published