EIP-2026-105509

PRE-CVE

BlackNova Traders - 'news.php' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105509. PoCs published by ITTIHACK.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in BlackNova Traders, where the 'startdate' parameter in the 'news.php' file is not properly sanitized. The example URL demonstrates how an attacker could inject SQL code to exploit the vulnerability.

Description

BlackNova Traders - 'news.php' SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by ITTIHACK · textwebappsphp

https://www.exploit-db.com/exploits/38311

View Code ZIP pw:eip

The provided text describes an SQL injection vulnerability in BlackNova Traders, where the 'startdate' parameter in the 'news.php' file is not properly sanitized. The example URL demonstrates how an attacker could inject SQL code to exploit the vulnerability.

Classification

Writeup 80%

Attack Type

Sqli

Complexity

Trivial

Reliability

Theoretical

Target: BlackNova Traders (version not specified)

No auth needed

Prerequisites: Access to the vulnerable 'news.php' endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026