EIP-2026-109053

PRE-CVE

Kunena < 1.5.13 / < 1.6.3 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109053. PoCs published by Red Matter.

AI-analyzed exploit summary: The vulnerability involves SQL injection via the 'catids' parameter in Kunena's advanced search page due to lack of input sanitization and parameterized queries. Exploitation can also leak sensitive information such as software versions and system paths through error messages.

Description

Kunena < 1.5.13 / < 1.6.3 - SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED
by Red Matter · text · webapps · php
https://www.exploit-db.com/exploits/16156

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Kunena < 1.5.14, < 1.6.3
No auth needed
Prerequisites: Access to the Kunena advanced search page
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026