EIP-2026-100391

PRE-CVE

Kronos Telestaff < 2.92EU29 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100391. PoCs published by Goran Tuzovic.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in Kronos Telestaff Web Application versions prior to 2.92EU29. The PoC includes examples for extracting database information and executing remote commands via SQL injection in the 'user' POST parameter.

Description

Kronos Telestaff < 2.92EU29 - SQL Injection

Exploits (1)

exploitdb WORKING POC

by Goran Tuzovic · textwebappsasp

https://www.exploit-db.com/exploits/42127

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in Kronos Telestaff Web Application versions prior to 2.92EU29. The PoC includes examples for extracting database information and executing remote commands via SQL injection in the 'user' POST parameter.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Kronos Telestaff Web Application < 2.92EU29

No auth needed

Prerequisites: Valid 'code' POST parameter · Access to the login page URL

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026