EIP-2026-106177

PRE-CVE

Cotonti 0.9.2 - Multiple SQL Injections

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106177. PoCs published by KedAns-Dz.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in Cotonti 0.9.2 by injecting malicious SQL queries via URL parameters. The provided URLs manipulate the 's' and 'ord' parameters to execute arbitrary SQL logic, confirming the vulnerability.

Description

Cotonti 0.9.2 - Multiple SQL Injections

Exploits (1)

exploitdb WORKING POC VERIFIED

by KedAns-Dz · textwebappsphp

https://www.exploit-db.com/exploits/35803

View Code ZIP pw:eip

The exploit demonstrates SQL injection vulnerabilities in Cotonti 0.9.2 by injecting malicious SQL queries via URL parameters. The provided URLs manipulate the 's' and 'ord' parameters to execute arbitrary SQL logic, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Cotonti 0.9.2

No auth needed

Prerequisites: Access to the vulnerable Cotonti application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026