EIP-2026-105089
PRE-CVEAlienvault 4.3.1 - SQL Injection / Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105089. PoCs published by Sasha Zivojinovic.
AI-analyzed exploit summary This exploit demonstrates unauthenticated SQL injection in AlienVault 4.3.1 via multiple parameters in 'graph_geoloc.php' and 'radar-iso27001-A11AccessControl-pot.php'. It includes proof-of-concept URLs for time-based, error-based, and XSS attacks, leveraging MySQL root privileges to extract credentials and system information.
Description
Alienvault 4.3.1 - SQL Injection / Cross-Site Scripting
Exploits (1)
This exploit demonstrates unauthenticated SQL injection in AlienVault 4.3.1 via multiple parameters in 'graph_geoloc.php' and 'radar-iso27001-A11AccessControl-pot.php'. It includes proof-of-concept URLs for time-based, error-based, and XSS attacks, leveraging MySQL root privileges to extract credentials and system information.