EIP-2026-106576

PRE-CVE

Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106576. PoCs published by AtT4CKxT3rR0r1ST.

AI-analyzed exploit summary The provided code demonstrates SQL injection vulnerabilities in Dredge School Administration System 1.0, allowing attackers to extract sensitive information such as usernames and access codes from the adminstaff table via crafted UNION-based SQLi payloads.

Description

Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by AtT4CKxT3rR0r1ST · textwebappsphp
https://www.exploit-db.com/exploits/38985

The provided code demonstrates SQL injection vulnerabilities in Dredge School Administration System 1.0, allowing attackers to extract sensitive information such as usernames and access codes from the adminstaff table via crafted UNION-based SQLi payloads.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Dredge School Administration System 1.0
No auth needed
Prerequisites: Access to the target application's loader.php endpoint
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026