EIP-2026-106184

PRE-CVE

CouponPHP CMS 3.1 - 'code' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106184. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in CouponPHP Script v3.1 via the 'code' parameter in the 'go.php' endpoint. It allows an attacker to inject arbitrary SQL queries to extract sensitive data such as user credentials.

Description

CouponPHP CMS 3.1 - 'code' SQL Injection

Exploits (1)

exploitdb WORKING POC
by Ihsan Sencan · textwebappsphp
https://www.exploit-db.com/exploits/41736

The exploit demonstrates a SQL injection vulnerability in CouponPHP Script v3.1 via the 'code' parameter in the 'go.php' endpoint. It allows an attacker to inject arbitrary SQL queries to extract sensitive data such as user credentials.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: CouponPHP Script v3.1
No auth needed
Prerequisites: Access to the vulnerable endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026