EIP-2026-106958

PRE-CVE

EXoops - Multiple Input Validation Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106958. PoCs published by Diabolic Crab.

AI-analyzed exploit summary The exploit demonstrates XSS and SQL injection vulnerabilities in exoops by providing crafted URLs that inject malicious scripts or SQL commands. The PoC shows how unsanitized input in parameters like 'sortdays', 'viewcat', and 'artid' can lead to cookie theft or database manipulation.

Description

EXoops - Multiple Input Validation Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Diabolic Crab · textwebappsphp

https://www.exploit-db.com/exploits/25300

View Code ZIP pw:eip

The exploit demonstrates XSS and SQL injection vulnerabilities in exoops by providing crafted URLs that inject malicious scripts or SQL commands. The PoC shows how unsanitized input in parameters like 'sortdays', 'viewcat', and 'artid' can lead to cookie theft or database manipulation.

Classification

Working Poc 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: exoops (version unspecified)

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026