EIP-2026-105705

PRE-CVE

Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105705. PoCs published by LiquidWorm.

AI-analyzed exploit summary The advisory details stored XSS and SQL injection vulnerabilities in Cannonbolt Portfolio Manager v1.0, specifically in the 'cname' POST parameter and 'cdel' GET parameter. It provides technical details on how these vulnerabilities can be exploited but does not include functional exploit code.

Description

Cannonbolt Portfolio Manager 1.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/21132

View Code ZIP pw:eip

The advisory details stored XSS and SQL injection vulnerabilities in Cannonbolt Portfolio Manager v1.0, specifically in the 'cname' POST parameter and 'cdel' GET parameter. It provides technical details on how these vulnerabilities can be exploited but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Cannonbolt Portfolio Manager v1.0

No auth needed

Prerequisites: Access to the vulnerable application endpoints

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026