EIP-2026-106837

PRE-CVE

elitecms 1.01 - SQL Injection / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106837. PoCs published by xeno_hive.

AI-analyzed exploit summary This writeup details multiple vulnerabilities in eliteCMS 1.01, including SQL injection, XSS, and an admin file upload flaw. It provides technical descriptions and exploit examples but lacks executable PoC code.

Description

elitecms 1.01 - SQL Injection / Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by xeno_hive · textwebappsphp

https://www.exploit-db.com/exploits/8838

View Code ZIP pw:eip

This writeup details multiple vulnerabilities in eliteCMS 1.01, including SQL injection, XSS, and an admin file upload flaw. It provides technical descriptions and exploit examples but lacks executable PoC code.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Other

Complexity

Trivial

Reliability

Reliable

Target: eliteCMS 1.01

No auth needed

Prerequisites: magic_quotes_gpc = off for SQLi · contact form enabled for XSS · admin access for file upload

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026