EIP-2026-104282
PRE-CVE
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-104282. PoCs published by Giuseppe D'Amore.
AI-analyzed exploit summary
This advisory details a blind SQL injection vulnerability in Imperva SecureSphere WAF MX 9.5.6, allowing authenticated users with lookup dataset privileges to escalate privileges and extract the Administrator's MD5 password hash via crafted queries.
Description
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
Exploits (1)
exploitdb
WRITEUP
by Giuseppe D'Amore · text · webapps · multiple
https://www.exploit-db.com/exploits/28854
Classification
Writeup 100%
Attack Type
SQLi
Complexity
Moderate
Reliability
Reliable
Target:
Imperva SecureSphere WAF MX 9.5.6
Auth required
Prerequisites:
Authenticated access to the WAF management console · Privilege to view lookup datasets
devstral-2 · analyzed Feb 18, 2026
Details
Status
pre_cve
Tracked Since
Feb 18, 2026