CVE-2026-9082

This PoC demonstrates an error-based SQL injection in Drupal Core 10.5.5 via JSON:API filter parameters, exploiting PostgreSQL error messages to disclose database information. The exploit crafts a malicious filter condition to trigger SQL errors containing sensitive data.

This repository contains a functional exploit for CVE-2026-9082, demonstrating a Drupal JSON:API PostgreSQL SQL injection that escalates to remote code execution (RCE). The exploit leverages PostgreSQL superuser privileges to write a preload library, reload configuration, and execute arbitrary commands.

This repository contains a mass scanner for detecting CVE-2026-9082, an error-based SQL injection vulnerability in Drupal Core 10.5.5 (PostgreSQL). The script checks for the vulnerability by sending crafted requests to multiple targets and analyzing error responses.

This repository contains functional exploit code for CVE-2026-9082, a PostgreSQL SQL injection vulnerability in Drupal Core. The exploit demonstrates both detection (scanner) and remote code execution (RCE) via SQL injection, leveraging PostgreSQL large objects and session_preload_libraries manipulation.

This repository contains a functional Python-based PoC for CVE-2026-9082, demonstrating unauthenticated SQL injection in Drupal Core's PostgreSQL backend via two exploit paths: the login endpoint and JSON:API filter parameter injection.

This repository contains a semi-passive scanner for detecting Drupal installations potentially vulnerable to CVE-2026-9082, a PostgreSQL SQL injection vulnerability. The scanner performs version fingerprinting, PostgreSQL detection, and endpoint probing without sending any exploit payloads.

The repository claims to be a checker for a Drupal Blind SQL Injection vulnerability but contains no actual code or technical details. It appears to be a placeholder or lure.

This repository contains a functional exploit for CVE-2026-9082, a critical SQL injection vulnerability in Drupal Core (8.0-11.3.9) with PostgreSQL backend. The exploit leverages JSON:API filter array key injection via PDO placeholder name abuse to achieve unauthenticated SQLi, enabling data exfiltration, privilege escalation, and potential RCE.

This repository contains a functional Python-based PoC for CVE-2026-9082, a SQL injection vulnerability in Drupal core's PostgreSQL entity-query condition translator. The exploit leverages the JSON:API layer to inject malformed SQL conditions, causing a 500 error if the target is vulnerable.

This repository contains a functional Python-based exploit for CVE-2026-9082, a PostgreSQL SQL injection vulnerability in Drupal Core. The exploit leverages unsanitized array keys in JSON:API filter parameters to inject arbitrary SQL, with support for time-based and boolean-based detection, as well as data extraction.

The repository contains a Python script that checks for the presence of Drupal and tests for potential vulnerability to CVE-2026-9082 by probing specific endpoints. It does not include exploit code but provides a detection mechanism.

This repository provides a detailed technical analysis of CVE-2026-9082, a SQL injection vulnerability in Drupal Core's database abstraction API affecting PostgreSQL backends. It includes root cause analysis, exploitation techniques, mitigation steps, and detection signals.

This repository contains a functional exploit PoC for CVE-2026-9082, a SQL injection vulnerability in Drupal 8.0-11.3.9 via attacker-controlled array keys in JSON:API filter values. The PoC includes a Python script to detect and validate the vulnerability, along with detailed analysis and a lab setup for testing.