EIP-2026-106128
PRE-CVE
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-106128. PoCs published by Ryan Dewhurst.
AI-analyzed exploit summary: This is a technical writeup detailing multiple vulnerabilities in Concrete5 CMS version 5.4.2.1, including SQL injection, XSS, and information disclosure. It provides specific PoC examples, vulnerable code snippets, and a timeline of vendor communication.
Description
Concrete5 CMS < 5.4.2.1 - Multiple Vulnerabilities
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Ryan Dewhurst · text · webapps · php
https://www.exploit-db.com/exploits/17925
Classification
Writeup 95%
Attack Type: SQLi | XSS | Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Concrete5 CMS <= 5.4.2.1
Auth required
Prerequisites: Authenticated user access for SQLi · Network access to the target
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Details
Status: pre_cve
Tracked Since: Feb 18, 2026