EIP-2026-109275

PRE-CVE

Mambo < 4.5.4 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109275. PoCs published by GulfTech Security.

AI-analyzed exploit summary: This writeup describes an SQL injection vulnerability in Mambo CMS <= 4.5.4, allowing authentication bypass via manipulated cookie values. The exploit leverages improper sanitization of the password field when passed via cookies, enabling an attacker to log in as any user, including admin, and potentially execute arbitrary PHP code.

Description

Mambo < 4.5.4 - SQL Injection

Exploits (1)

exploitdb WRITEUP
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/43843

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Mambo CMS <= 4.5.4
No auth needed
Prerequisites: Access to the Mambo login page · Ability to send crafted cookies
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026