EIP-2026-106787

PRE-CVE

eFront 3.6.15 - Multiple SQL Injections

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106787. PoCs published by Filippo Roncari.

AI-analyzed exploit summary The document describes SQL injection vulnerabilities in eFront 3.6.15's new_sidebar.php module, allowing authenticated users to extract sensitive data like password hashes via crafted requests. It includes a PoC URL and HTTP response but lacks full exploit code.

Description

eFront 3.6.15 - Multiple SQL Injections

Exploits (1)

exploitdb WRITEUP
by Filippo Roncari · textwebappsphp
https://www.exploit-db.com/exploits/36989

The document describes SQL injection vulnerabilities in eFront 3.6.15's new_sidebar.php module, allowing authenticated users to extract sensitive data like password hashes via crafted requests. It includes a PoC URL and HTTP response but lacks full exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: eFront 3.6.15
Auth required
Prerequisites: Authenticated access to eFront · Access to a lesson with specific conditions
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026