EIP-2026-105056

PRE-CVE

Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105056. PoCs published by Taha Hunter.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Ajax PHP Penny Auction 1.x/2.x, including XSS, information disclosure, blind SQL injection, and file upload flaws. The Python script automates blind SQL injection to extract admin credentials.

Description

Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC
by Taha Hunter · textwebappsphp
https://www.exploit-db.com/exploits/27521

This exploit demonstrates multiple vulnerabilities in Ajax PHP Penny Auction 1.x/2.x, including XSS, information disclosure, blind SQL injection, and file upload flaws. The Python script automates blind SQL injection to extract admin credentials.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Ajax PHP Penny Auction 1.x/2.x
No auth needed
Prerequisites: Valid target URL with vulnerable 'item.php' endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026