EIP-2026-100615

PRE-CVE

Web Wiz (Multiple Products) - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100615. PoCs published by DevilBox.

AI-analyzed exploit summary This is a proof-of-concept for an SQL injection vulnerability in multiple Web Wiz products, allowing authentication bypass via crafted input in the login form. The exploit demonstrates how an attacker can manipulate the 'txtUserName' field to bypass authentication.

Description

Web Wiz (Multiple Products) - SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by DevilBox · htmlwebappsasp

https://www.exploit-db.com/exploits/26991

View Code ZIP pw:eip

This is a proof-of-concept for an SQL injection vulnerability in multiple Web Wiz products, allowing authentication bypass via crafted input in the login form. The exploit demonstrates how an attacker can manipulate the 'txtUserName' field to bypass authentication.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Web Wiz Site News 3.06, Web Wiz Journal 1.0, Web Wiz Polls 3.06, Web Wiz Database Login 1.71

No auth needed

Prerequisites: Access to the login page of the vulnerable Web Wiz product

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026