EIP-2026-107703

PRE-CVE

I-Vision CMS - Cross-Site Scripting / SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107703. PoCs published by Ariko-Security.

AI-analyzed exploit summary This advisory details XSS and SQL injection vulnerabilities in I-Vision CMS, specifically in the 'type' parameter of inner.php and the 'keys' parameter of search.php. It provides technical descriptions of the vulnerabilities but does not include functional exploit code.

Description

I-Vision CMS - Cross-Site Scripting / SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ariko-Security · textwebappsphp

https://www.exploit-db.com/exploits/12630

View Code ZIP pw:eip

This advisory details XSS and SQL injection vulnerabilities in I-Vision CMS, specifically in the 'type' parameter of inner.php and the 'keys' parameter of search.php. It provides technical descriptions of the vulnerabilities but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: I-Vision CMS (ALL versions)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026