EIP-2026-105470

PRE-CVE

BigTree 4.3.4 CMS - Multiple SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105470. PoCs published by Mehmet EMIROGLU.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in BigTree CMS v4.3.4 via the 'parent' and 'page' parameters. It includes attack patterns for both POST and GET methods, targeting the CMS's admin interface.

Description

BigTree 4.3.4 CMS - Multiple SQL Injection

Exploits (1)

exploitdb WORKING POC

by Mehmet EMIROGLU · textwebappsphp

https://www.exploit-db.com/exploits/46623

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in BigTree CMS v4.3.4 via the 'parent' and 'page' parameters. It includes attack patterns for both POST and GET methods, targeting the CMS's admin interface.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: BigTree CMS v4.3.4

Auth required

Prerequisites: Access to admin interface · Valid session or authentication

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026