CVE-2006-6117
Published 2006-11-26
CVE-2006-6117: SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
Priority P3 · 41 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 1.19% · 64.1th percentile
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fipsasp | fipsgallery | <= 1.5 | — |
VulDB
Fipsasp fipsGallery 1.5 index1.asp which sql injection (EDB-2829 / BID-21254)
vuldb·2026-04-28·CVSS 7.5
A vulnerability marked as critical has been reported in Fipsasp fipsGallery 1.5. This vulnerability affects unknown code of the file index1.asp. The manipulation of the argument which leads to sql injection.
This vulnerability is listed as CVE-2006-6117. The attack may be initiated remotely. In addition, an exploit is available.
GHSA
GHSA-w5c2-v3vp-f6q9: SQL injection vulnerability in index1
ghsa_unreviewed·2022-05-01
SQL injection vulnerability in index1.asp in fipsGallery 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the which parameter.
Suricata
ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which INSERT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which INSERT"; flow:established,to_server; http.uri; content:"/index1.asp?"; nocase; content:"which="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6117; reference:url,www.milw0rm.com/exploits/2829; classtype:web-application-attack; sid:2007376; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, m
Suricata
ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UNION SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UNION SELECT"; flow:established,to_server; http.uri; content:"/index1.asp?"; nocase; content:"which="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6117; reference:url,www.milw0rm.com/exploits/2829; classtype:web-application-attack; sid:2007375; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_techniqu
Suricata
ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which ASCII
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which ASCII"; flow:established,to_server; http.uri; content:"/index1.asp?"; nocase; content:"which="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6117; reference:url,www.milw0rm.com/exploits/2829; classtype:web-application-attack; sid:2007378; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, m
Suricata
ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UPDATE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which UPDATE"; flow:established,to_server; http.uri; content:"/index1.asp?"; nocase; content:"which="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6117; reference:url,www.milw0rm.com/exploits/2829; classtype:web-application-attack; sid:2007379; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mi
Suricata
ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which SELECT
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which SELECT"; flow:established,to_server; http.uri; content:"/index1.asp?"; nocase; content:"which="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6117; reference:url,www.milw0rm.com/exploits/2829; classtype:web-application-attack; sid:2007374; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, m
Suricata
ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which DELETE
suricata·2010-07-30·CVSS 7.5
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsGallery SQL Injection Attempt -- index1.asp which DELETE"; flow:established,to_server; http.uri; content:"/index1.asp?"; nocase; content:"which="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2006-6117; reference:url,www.milw0rm.com/exploits/2829; classtype:web-application-attack; sid:2007377; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, m
No writeups or analysis indexed.
http://secunia.com/advisories/23056
http://www.securityfocus.com/bid/21254
http://www.vupen.com/english/advisories/2006/4683
https://www.exploit-db.com/exploits/2829