EIP-2026-106514

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106514. PoCs published by coiffeur.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in Dolibarr 12.0.3, which is leveraged to achieve remote code execution (RCE) by manipulating the antivirus command configuration. It includes authentication bypass, password reset, and command injection steps.

Description

Dolibarr 12.0.3 - SQLi to RCE

Exploits (1)

exploitdb WORKING POC

by coiffeur · pythonwebappsphp

https://www.exploit-db.com/exploits/49240

View Code ZIP pw:eip

This exploit demonstrates a SQL injection vulnerability in Dolibarr 12.0.3, which is leveraged to achieve remote code execution (RCE) by manipulating the antivirus command configuration. It includes authentication bypass, password reset, and command injection steps.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Complex

Reliability

Reliable

Target: Dolibarr 12.0.3

Auth required

Prerequisites: Valid user credentials or ability to reset password · Access to the target URL · SQL injection vulnerability in the application

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Dolibarr 12.0.3 - SQLi to RCE

Exploitation Summary

Description

Exploits (1)

Details