EIP-2026-106970

PRE-CVE

exponentcms 2.0.5 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106970. PoCs published by Onur Yılmaz.

AI-analyzed exploit summary The document describes XSS and Blind SQL Injection vulnerabilities in ExponentCMS 2.0.5, providing example PoC URLs and references to vendor patches. It includes technical details about the vulnerabilities and their impact.

Description

exponentcms 2.0.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED
by Onur Yılmaz · textwebappsphp
https://www.exploit-db.com/exploits/18773

The document describes XSS and Blind SQL Injection vulnerabilities in ExponentCMS 2.0.5, providing example PoC URLs and references to vendor patches. It includes technical details about the vulnerabilities and their impact.

Classification
Writeup 90%
Attack Type
Xss | Sqli
Complexity
Trivial
Reliability
Reliable
Target: ExponentCMS 2.0.5 and possibly below
No auth needed
Prerequisites: Access to the vulnerable web application
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026