EIP-2026-105819

PRE-CVE

chCounter 3.1.3 - SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105819. PoCs published by Matias Fontanini.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in chCounter <= 3.1.3, allowing an attacker to extract database information via crafted POST requests to the 'anzahl' parameter. It automates session acquisition, login bypass, and data extraction using blind SQLi techniques.

Description

chCounter 3.1.3 - SQL Injection

Exploits (1)

exploitdb WORKING POC
by Matias Fontanini · pythonwebappsphp
https://www.exploit-db.com/exploits/15568

This exploit demonstrates a SQL injection vulnerability in chCounter <= 3.1.3, allowing an attacker to extract database information via crafted POST requests to the 'anzahl' parameter. It automates session acquisition, login bypass, and data extraction using blind SQLi techniques.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: chCounter <= 3.1.3
Auth required
Prerequisites: Downloads enabled in chCounter · magic_quotes off · Access to administration site (or bypass via magic_quotes off)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026