EIP-2026-109229

PRE-CVE

LxBlog - Multiple Cross-Site Scripting / SQL Injections

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109229. PoCs published by Securitylab.ir.

AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in LxBlog by providing example URIs that manipulate the database query and inject malicious scripts. The SQLi example uses time-based blind injection to extract password information, while the XSS example shows how arbitrary scripts can be injected.

Description

LxBlog - Multiple Cross-Site Scripting / SQL Injections

Exploits (1)

exploitdb WORKING POC VERIFIED
by Securitylab.ir · textwebappsphp
https://www.exploit-db.com/exploits/33008

The exploit demonstrates SQL injection and XSS vulnerabilities in LxBlog by providing example URIs that manipulate the database query and inject malicious scripts. The SQLi example uses time-based blind injection to extract password information, while the XSS example shows how arbitrary scripts can be injected.

Classification
Working Poc 90%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: LxBlog (version not specified)
No auth needed
Prerequisites: Access to the target application's user_index.php endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026