EIP-2026-103276

PRE-CVE

Elektronischer Leitz-Ordner 10 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-103276. PoCs published by Jens Regel.

AI-analyzed exploit summary This is a proof-of-concept for a time-based blind SQL injection vulnerability in ELO Access Manager. The exploit targets the 'ticket' parameter in an HTTP GET request to extract database content, such as administrator password hashes.

Description

Elektronischer Leitz-Ordner 10 - SQL Injection

Exploits (1)

exploitdb WORKING POC

by Jens Regel · textwebappslinux

https://www.exploit-db.com/exploits/44999

View Code ZIP pw:eip

This is a proof-of-concept for a time-based blind SQL injection vulnerability in ELO Access Manager. The exploit targets the 'ticket' parameter in an HTTP GET request to extract database content, such as administrator password hashes.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: ELO Access Manager <= 9.17.120 and <= 10.17.120

No auth needed

Prerequisites: Network access to the target server · ELO Access Manager with vulnerable version

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026