EIP-2026-107936

PRE-CVE

Invision Power Board Currency Mod 1.3 - 'edit' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107936. PoCs published by Yakir Wizman.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in Invision Power Board's Currency Mod, allowing an authenticated user with currency edit access to elevate their privileges to admin by manipulating the 'mgroup' field in the database.

Description

Invision Power Board Currency Mod 1.3 - 'edit' SQL Injection

Exploits (1)

exploitdb WORKING POC

by Yakir Wizman · perlwebappsphp

https://www.exploit-db.com/exploits/11702

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in Invision Power Board's Currency Mod, allowing an authenticated user with currency edit access to elevate their privileges to admin by manipulating the 'mgroup' field in the database.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Invision Power Board 1.3 with Currency Mod

Auth required

Prerequisites: Authenticated user with currency edit access · Valid member ID and password hash

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026