EIP-2026-107303
PRE-CVEFuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-107303. PoCs published by Roel van Beurden.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in Fuel CMS 1.4.7 via the 'col' parameter in multiple endpoints. It includes a time-based blind payload and instructions for using SQLmap to extract database information.
Description
Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated)
Exploits (1)
exploitdb
WORKING POC
by Roel van Beurden · textwebappsphp
https://www.exploit-db.com/exploits/48741
This exploit demonstrates an SQL injection vulnerability in Fuel CMS 1.4.7 via the 'col' parameter in multiple endpoints. It includes a time-based blind payload and instructions for using SQLmap to extract database information.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
Fuel CMS 1.4.7
Auth required
Prerequisites:
Authenticated access to Fuel CMS · SQLmap for automated exploitation
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026