EIP-2026-107676

PRE-CVE

Human Resource Management System 1.0 - SQL Injection (unauthenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107676. PoCs published by Matthijs van der Vaart (eMVee).

AI-analyzed exploit summary This is a writeup detailing SQL injection vulnerabilities in the Human Resource Management System 1.0. It provides instructions for using sqlmap to exploit unauthenticated SQLi in the login page via the 'name' and 'password' POST parameters.

Description

Human Resource Management System 1.0 - SQL Injection (unauthenticated)

Exploits (1)

exploitdb WRITEUP

by Matthijs van der Vaart (eMVee) · textwebappsphp

https://www.exploit-db.com/exploits/51125

View Code ZIP pw:eip

This is a writeup detailing SQL injection vulnerabilities in the Human Resource Management System 1.0. It provides instructions for using sqlmap to exploit unauthenticated SQLi in the login page via the 'name' and 'password' POST parameters.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Human Resource Management System 1.0

No auth needed

Prerequisites: Burp Suite or OWASP ZAP to capture login request · sqlmap for exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026