Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-106945. PoCs published by darkjoker.
AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in eVision CMS <= 2.0, where user-controlled input via the 'field', 'module', and 'id' GET parameters is directly interpolated into a SQL query without sanitization. This allows an attacker to retrieve sensitive data, such as the admin's hashed password, by crafting a malicious request.
Description
eVision CMS 2.0 - SQL Injection
Exploits (1)
The exploit demonstrates a SQL injection vulnerability in eVision CMS <= 2.0, where user-controlled input via the 'field', 'module', and 'id' GET parameters is directly interpolated into a SQL query without sanitization. This allows an attacker to retrieve sensitive data, such as the admin's hashed password, by crafting a malicious request.