EIP-2026-105480
PRE-CVEBilling Management System 2.0 - Union based SQL injection (Authenticated)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105480. PoCs published by Mohammad Koochaki.
AI-analyzed exploit summary This exploit demonstrates a Union-based SQL injection vulnerability in Billing Management System 2.0. The vulnerable parameter is 'id' in multiple endpoints, allowing an attacker to extract sensitive data such as usernames and passwords from the database.
Description
Billing Management System 2.0 - Union based SQL injection (Authenticated)
Exploits (1)
exploitdb
WORKING POC
by Mohammad Koochaki · textwebappsphp
https://www.exploit-db.com/exploits/49874
This exploit demonstrates a Union-based SQL injection vulnerability in Billing Management System 2.0. The vulnerable parameter is 'id' in multiple endpoints, allowing an attacker to extract sensitive data such as usernames and passwords from the database.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Billing Management System 2.0
Auth required
Prerequisites:
Access to the vulnerable endpoints · Valid authentication credentials
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026