EIP-2026-102452

PRE-CVE

24online SMS_2500i 8.3.6 build 9.0 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102452. PoCs published by Rahul Raz.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in the 24 Online Billing API. The vulnerability exists in the 'invoiceid' GET parameter and allows for informational disclosure over the stored database.

Description

24online SMS_2500i 8.3.6 build 9.0 - SQL Injection

Exploits (1)

exploitdb WRITEUP

by Rahul Raz · textwebappsjsp

https://www.exploit-db.com/exploits/40060

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in the 24 Online Billing API. The vulnerability exists in the 'invoiceid' GET parameter and allows for informational disclosure over the stored database.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: 24online Model SMS_2500i version 8.3.6 build 9.0

Auth required

Prerequisites: Authenticated user access

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026