EIP-2026-100189
PRE-CVECartWIZ 1.10 - 'ProductDetails.asp' SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-100189. PoCs published by Dcrab.
AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in CartWIZ, where unsanitized user input in the 'idProduct' parameter can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and example URL.
Description
CartWIZ 1.10 - 'ProductDetails.asp' SQL Injection
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25508
The provided text describes an SQL injection vulnerability in CartWIZ, where unsanitized user input in the 'idProduct' parameter can be exploited to manipulate SQL queries. No actual exploit code is present, only a description and example URL.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
CartWIZ (version unspecified)
No auth needed
Prerequisites:
Access to the vulnerable CartWIZ application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026