EIP-2026-109230

PRE-CVE

Lyrics Script - SQL Injection / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109230. PoCs published by Valentin.

AI-analyzed exploit summary This advisory details SQL injection and XSS vulnerabilities in Lyrics Script, providing specific endpoints and parameters vulnerable to exploitation. It lacks functional exploit code but includes technical details about the vulnerabilities.

Description

Lyrics Script - SQL Injection / Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by Valentin · textwebappsphp

https://www.exploit-db.com/exploits/13863

View Code ZIP pw:eip

This advisory details SQL injection and XSS vulnerabilities in Lyrics Script, providing specific endpoints and parameters vulnerable to exploitation. It lacks functional exploit code but includes technical details about the vulnerabilities.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Theoretical

Target: Lyrics Script (unknown version)

No auth needed

Prerequisites: Access to vulnerable endpoints

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026