EIP-2026-106138

PRE-CVE

Contact Manager 1.0 - 'femail' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106138. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This is a writeup describing a SQL injection vulnerability in Contact Manager 1.0. The vulnerability occurs in the 'login.php' file when the 'forgot' parameter is set to '2' and the 'femail' parameter is used in an unsanitized SQL query.

Description

Contact Manager 1.0 - 'femail' SQL Injection

Exploits (1)

exploitdb WRITEUP

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/42734

View Code ZIP pw:eip

This is a writeup describing a SQL injection vulnerability in Contact Manager 1.0. The vulnerability occurs in the 'login.php' file when the 'forgot' parameter is set to '2' and the 'femail' parameter is used in an unsanitized SQL query.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Contact Manager 1.0

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026