Drupal core - Highly critical - SQL injection - SA-CORE-2026-004
Title source: CNA
Exploitation Summary
CVE-2026-9082 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added May 22, 2026. EIP tracks 7 public exploits from researchers including N45HT, ridhinva, ywh-jfellus. A Nuclei detection template is also available.
AI-analyzed exploit summary
The repository claims to be a checker for a Drupal Blind SQL Injection vulnerability but contains no actual code or technical details. It appears to be a placeholder or lure.
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Drupal core (vendor: Drupal) allows SQL injection. This issue affects Drupal core: from 8.9.0 before 10.4.10, from 10.5.0 before 10.5.10, from 10.6.0 before 10.6.9, from 11.0.0 before 11.1.10, from 11.2.0 before 11.2.12, from 11.3.0 before 11.3.10.
Exploits (7)
The repository claims to be a checker for a Drupal Blind SQL Injection vulnerability but contains no actual code or technical details. It appears to be a placeholder or lure.
This repository contains a functional exploit for CVE-2026-9082, a critical SQL injection vulnerability in Drupal Core (8.0-11.3.9) with PostgreSQL backend. The exploit leverages JSON:API filter array key injection via PDO placeholder name abuse to achieve unauthenticated SQLi, enabling data exfiltration, privilege escalation, and potential RCE.
This repository contains a functional Python-based PoC for CVE-2026-9082, a SQL injection vulnerability in Drupal core's PostgreSQL entity-query condition translator. The exploit leverages the JSON:API layer to inject malformed SQL conditions, causing a 500 error if the target is vulnerable.
This repository contains a functional Python-based exploit for CVE-2026-9082, a PostgreSQL SQL injection vulnerability in Drupal Core. The exploit leverages unsanitized array keys in JSON:API filter parameters to inject arbitrary SQL, with support for time-based and boolean-based detection, as well as data extraction.
The repository contains a Python script that checks for the presence of Drupal and tests for potential vulnerability to CVE-2026-9082 by probing specific endpoints. It does not include exploit code but provides a detection mechanism.
This repository provides a detailed technical analysis of CVE-2026-9082, a SQL injection vulnerability in Drupal Core's database abstraction API affecting PostgreSQL backends. It includes root cause analysis, exploitation techniques, mitigation steps, and detection signals.
This repository contains a functional exploit PoC for CVE-2026-9082, a SQL injection vulnerability in Drupal 8.0-11.3.9 via attacker-controlled array keys in JSON:API filter values. The PoC includes a Python script to detect and validate the vulnerability, along with detailed analysis and a lab setup for testing.
Nuclei Templates (1)
http.component:"Drupal"
app="drupal"
References (1)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N