EIP-2026-107368

PRE-CVE

Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107368. PoCs published by Nine:Situations:Group.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Geeklog <=1.5.2 via the SEC_authenticate() function, allowing authentication bypass and potential RCE through static page PHP injection. It includes functionality for table prefix extraction, shell export via INTO OUTFILE, and static page submission with PHP code.

Description

Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · phpwebappsphp

https://www.exploit-db.com/exploits/8376

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Geeklog <=1.5.2 via the SEC_authenticate() function, allowing authentication bypass and potential RCE through static page PHP injection. It includes functionality for table prefix extraction, shell export via INTO OUTFILE, and static page submission with PHP code.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Geeklog <=1.5.2

No auth needed

Prerequisites: PHP >= 5.0 · Geeklog webservices enabled · Access to webservices/atom/index.php

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026