EIP-2026-100631

PRE-CVE

XM Forum - 'search.asp' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100631. PoCs published by Crim3R.

AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in XM Forum by injecting a single quote in the 'terms' parameter, causing an unclosed quotation mark error in the SQL query. The PoC includes HTTP headers and post data to trigger the vulnerability.

Description

XM Forum - 'search.asp' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Crim3R · textwebappsasp

https://www.exploit-db.com/exploits/37689

View Code ZIP pw:eip

This exploit demonstrates an SQL injection vulnerability in XM Forum by injecting a single quote in the 'terms' parameter, causing an unclosed quotation mark error in the SQL query. The PoC includes HTTP headers and post data to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: XM Forum

No auth needed

Prerequisites: Access to the vulnerable XM Forum application

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026