EIP-2026-105474
PRE-CVEBigware Shop 2.1x - 'main_bigware_54.php' SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105474. PoCs published by rwenzel.
AI-analyzed exploit summary This Python script exploits an SQL injection vulnerability in Bigware Shop versions prior to 2.17 by injecting a malicious payload into the 'pollid' parameter. The payload extracts admin credentials from the 'former' table, demonstrating the vulnerability's impact.
Description
Bigware Shop 2.1x - 'main_bigware_54.php' SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by rwenzel · pythonwebappsphp
https://www.exploit-db.com/exploits/37354
This Python script exploits an SQL injection vulnerability in Bigware Shop versions prior to 2.17 by injecting a malicious payload into the 'pollid' parameter. The payload extracts admin credentials from the 'former' table, demonstrating the vulnerability's impact.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Bigware Shop < 2.17
No auth needed
Prerequisites:
Network access to the target application · Bigware Shop instance with vulnerable version
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026