EIP-2026-107937

PRE-CVE

Invision Power Top Site List < 1.1 RC 2 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107937. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in Invision Power Top Site List. The vulnerability occurs in the 'comment' feature, allowing arbitrary SQL queries to be executed via the 'id' parameter in the URL.

Description

Invision Power Top Site List < 1.1 RC 2 - SQL Injection

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43806

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in Invision Power Top Site List. The vulnerability occurs in the 'comment' feature, allowing arbitrary SQL queries to be executed via the 'id' parameter in the URL.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Invision Power Top Site List <= 1.1 RC 2

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026