EIP-2026-104405

PRE-CVE

Practico 13.9 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104405. PoCs published by LiquidWorm.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in Practico CMS 13.9, including SQL injection via POST parameters, XSS via GET parameters, and CSRF to add an admin user. It provides clear PoC examples for each vulnerability.

Description

Practico 13.9 - Multiple Vulnerabilities

Exploits (1)

exploitdb · WORKING POC
by LiquidWorm · text · webapps · multiple
https://www.exploit-db.com/exploits/29389

Classification: Working PoC 100%
Attack Type: SQLi | XSS | CSRF
Complexity: Trivial
Reliability: Reliable
Target: Practico CMS 13.9
No auth needed
Prerequisites: Network access to the target application · Victim interaction for XSS/CSRF
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026