Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-106597. PoCs published by r0t.
AI-analyzed exploit summary The document describes multiple SQL injection vulnerabilities in DRZES HMS due to insufficient input sanitization. It lists affected endpoints and parameters but does not include functional exploit code.
Description
DRZES Hms 3.2 - Multiple SQL Injections
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by r0t · textwebappsphp
https://www.exploit-db.com/exploits/26663
The document describes multiple SQL injection vulnerabilities in DRZES HMS due to insufficient input sanitization. It lists affected endpoints and parameters but does not include functional exploit code.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target:
DRZES HMS Version 3.2 and prior
No auth needed
Prerequisites:
Access to vulnerable endpoints
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026