EIP-2026-107925

PRE-CVE

Invision Power Board 1.3 - 'SSI.php' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107925. PoCs published by JvdR.

AI-analyzed exploit summary The provided text describes an SQL injection vulnerability in Invision Power Board's 'ssi.php' script, where improper filtering of user-supplied data allows attackers to pass SQL statements to the underlying database. The impact varies depending on the database but may include data corruption, sensitive data exposure, or command execution.

Description

Invision Power Board 1.3 - 'SSI.php' SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED
by JvdR · textwebappsphp
https://www.exploit-db.com/exploits/24186

The provided text describes an SQL injection vulnerability in Invision Power Board's 'ssi.php' script, where improper filtering of user-supplied data allows attackers to pass SQL statements to the underlying database. The impact varies depending on the database but may include data corruption, sensitive data exposure, or command execution.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Invision Power Board 1.3.1 Final
No auth needed
Prerequisites: Access to the 'ssi.php' script with the ability to manipulate the 'f' parameter
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026