EIP-2026-107421
PRE-CVEglFusion 1.3.0 - 'search.php?cat_id' SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-107421. PoCs published by Omar Kurt.
AI-analyzed exploit summary This is a vulnerability writeup describing a blind SQL injection in glFusion 1.3.0 via the 'cat_id' parameter in search.php. It includes a PoC URL and details about the vulnerability but does not contain executable exploit code.
Description
glFusion 1.3.0 - 'search.php?cat_id' SQL Injection
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Omar Kurt · textwebappsphp
https://www.exploit-db.com/exploits/28185
This is a vulnerability writeup describing a blind SQL injection in glFusion 1.3.0 via the 'cat_id' parameter in search.php. It includes a PoC URL and details about the vulnerability but does not contain executable exploit code.
Classification
Writeup 100%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
glFusion 1.3.0 and possibly below
No auth needed
Prerequisites:
Access to the target application's search.php endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026