EIP-2026-108960
PRE-CVEKaiBB 2.0.1 - SQL Injection / Arbitrary File Upload
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-108960. PoCs published by KedAns-Dz.
AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities and an arbitrary file upload vulnerability in KaiBB 2.0.1. The SQLi vectors are in multiple parameters, and the file upload allows executing shell code disguised as an avatar image.
Description
KaiBB 2.0.1 - SQL Injection / Arbitrary File Upload
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by KedAns-Dz · textwebappsphp
https://www.exploit-db.com/exploits/36107
This exploit demonstrates SQL injection vulnerabilities and an arbitrary file upload vulnerability in KaiBB 2.0.1. The SQLi vectors are in multiple parameters, and the file upload allows executing shell code disguised as an avatar image.
Classification
Working Poc 90%
Attack Type
Sqli | Rce
Complexity
Trivial
Reliability
Reliable
Target:
KaiBB 2.0.1
Auth required
Prerequisites:
Access to the KaiBB application · User registration for file upload
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026