CVE-2006-6067
Published 2006-11-22
Priority P338 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.06% (60.4th percentile)
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (3) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 20_20_applications | 20_20_datashed | — | — |
VulDB
20 20 Applications 20 20 Datashed 1.0 itemID sql injection (EDB-29077 / XFDB-30402)
vuldb·2026-04-28·CVSS 7.5
CVE-2006-6067 [HIGH] 20 20 Applications 20 20 Datashed 1.0 itemID sql injection (EDB-29077 / XFDB-30402)
A vulnerability, which was classified as critical, has been found in 20 20 Applications 20 20 Datashed 1.0. This impacts an unknown function. Performing a manipulation of the argument itemID results in sql injection.
This vulnerability is known as CVE-2006-6067. Remote exploitation of the attack is possible. Furthermore, an exploit is available.
GHSA
GHSA-6384-95fv-57vm: Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2006-6067 [HIGH] GHSA-6384-95fv-57vm: Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via
Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (3) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955.
No detection rules found.
Exploit-DB
20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple SQL Injections
exploitdb·2006-11-17
CVE-2006-6067 20/20 Applications Data Shed 1.0 - 'listings.asp' Multiple SQL Injections
---
source: https://www.securityfocus.com/bid/21156/info
20/20 DataShed is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Version 1.0 is vulnerable.
http://www.example.com/listings.asp?peopleID='[sql]
http://www.example.com/listings.asp?sort_order='[sql]
Exploit-DB
20/20 Applications Data Shed 1.0 - 'f-email.asp?itemID' SQL Injection
exploitdb·2006-11-17
CVE-2006-6067 20/20 Applications Data Shed 1.0 - 'f-email.asp?itemID' SQL Injection
---
source: https://www.securityfocus.com/bid/21156/info
20/20 DataShed is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.
Version 1.0 is vulnerable.
http://www.example.com/f-email.asp?strPeopleID=1&itemID='[sql]
No writeups or analysis indexed.
http://s-a-p.ca/index.php?page=OurAdvisories&id=40
http://www.securityfocus.com/archive/1/451962/100/0/threaded
http://www.securityfocus.com/bid/21156
https://exchange.xforce.ibmcloud.com/vulnerabilities/30402
Published 2006-11-22