EIP-2026-105472
PRE-CVEBigTree CMS 4.2.3 - (Authenticated) SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105472. PoCs published by Curesec Research Team.
AI-analyzed exploit summary This is a detailed technical writeup describing multiple SQL injection vulnerabilities in BigTree CMS 4.2.3, including proof-of-concept examples and affected code snippets. The analysis covers three distinct SQLi vectors, their root causes, and mitigation steps.
Description
BigTree CMS 4.2.3 - (Authenticated) SQL Injection
Exploits (1)
exploitdb
WRITEUP
by Curesec Research Team · textwebappsphp
https://www.exploit-db.com/exploits/37821
This is a detailed technical writeup describing multiple SQL injection vulnerabilities in BigTree CMS 4.2.3, including proof-of-concept examples and affected code snippets. The analysis covers three distinct SQLi vectors, their root causes, and mitigation steps.
Classification
Writeup 100%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
BigTree CMS 4.2.3
Auth required
Prerequisites:
Authenticated access to the admin area
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026