EIP-2026-104453

PRE-CVE

SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104453. PoCs published by bitform.

AI-analyzed exploit summary The writeup describes a post-authentication local file include/edit vulnerability in SQL-Ledger <= 2.8.33, allowing users to read and modify arbitrary files accessible to the web server. The vulnerability is due to insufficient validation of the 'file' parameter in the stylesheet editing functionality.

Description

SQL-Ledger 2.8.33 - (Authenticated) Local File Inclusion / Edit

Exploits (1)

exploitdb WRITEUP VERIFIED
by bitform · textwebappsmultiple
https://www.exploit-db.com/exploits/17174

The writeup describes a post-authentication local file include/edit vulnerability in SQL-Ledger <= 2.8.33, allowing users to read and modify arbitrary files accessible to the web server. The vulnerability is due to insufficient validation of the 'file' parameter in the stylesheet editing functionality.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: SQL-Ledger <= 2.8.33
Auth required
Prerequisites: Valid user credentials · Access to the stylesheet editing functionality
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026