EIP-2026-107955

PRE-CVE

irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107955. PoCs published by Corwin.

AI-analyzed exploit summary This exploit demonstrates blind SQL injection, XSS, and local file inclusion vulnerabilities in Irokez Blog. The SQL injection allows extraction of user credentials, while the XSS and include vulnerabilities enable further exploitation.

Description

irokez blog 0.7.3.2 - Cross-Site Scripting / Remote File Inclusion / Blind SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Corwin · textwebappsphp

https://www.exploit-db.com/exploits/8123

View Code ZIP pw:eip

This exploit demonstrates blind SQL injection, XSS, and local file inclusion vulnerabilities in Irokez Blog. The SQL injection allows extraction of user credentials, while the XSS and include vulnerabilities enable further exploitation.

Classification

Working Poc 90%

Attack Type

Sqli | Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Irokez Blog (All versions up to 0.7.3.2)

No auth needed

Prerequisites: Access to the vulnerable Irokez Blog instance

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026