EIP-2026-106832

PRE-CVE

Elgg 1.7.10 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106832. PoCs published by Aung Khant.

AI-analyzed exploit summary The exploit demonstrates XSS and SQL injection vulnerabilities in Elgg versions up to 1.7.10. The XSS payload uses an onmouseover event, while the SQL injection targets the search functionality with a malformed tag_names parameter.

Description

Elgg 1.7.10 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aung Khant · textwebappsphp

https://www.exploit-db.com/exploits/17685

View Code ZIP pw:eip

The exploit demonstrates XSS and SQL injection vulnerabilities in Elgg versions up to 1.7.10. The XSS payload uses an onmouseover event, while the SQL injection targets the search functionality with a malformed tag_names parameter.

Classification

Working Poc 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Elgg <= 1.7.10

No auth needed

Prerequisites: Access to the target Elgg instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026