CVE-2026-30655

MEDIUM

esiclivre/esiclivre <=0.2.2 - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-30655. PoCs published by brynax.

AI-analyzed exploit summary Technical writeup detailing a SQL injection vulnerability in esiclivre's password reset endpoint via the `cpfcnpj` parameter. The root cause is improper input sanitization in `Solicitante::resetaSenha()`.

Description

SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php

Exploits (1)

nomisec WRITEUP
by brynax · poc
https://github.com/brynax/CVE-2026-30655

Technical writeup detailing a SQL injection vulnerability in esiclivre's password reset endpoint via the `cpfcnpj` parameter. The root cause is improper input sanitization in `Solicitante::resetaSenha()`.

Classification
Writeup 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: esiclivre v0.2.2 and earlier
No auth needed
Prerequisites: access to the `/reset/index.php` endpoint
devstral-2 · analyzed May 03, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 6.5
EPSS 0.0051
EPSS Percentile 39.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-89
Status published
Products (1)
esiclivre/esiclivre < 0.2.2
Published Mar 24, 2026
Tracked Since Mar 24, 2026