EIP-2026-109440

PRE-CVE

Mibew Messenger 1.6.4 - 'threadid' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109440. PoCs published by Ucha Gobejishvili.

AI-analyzed exploit summary This Python script exploits an SQL injection vulnerability in Mibew Messenger 1.6.4 by injecting malicious SQL queries into the 'threadid' parameter of the 'threadprocessor.php' endpoint. It retrieves basic database information such as user, database name, hostname, and version.

Description

Mibew Messenger 1.6.4 - 'threadid' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ucha Gobejishvili · pythonwebappsphp

https://www.exploit-db.com/exploits/37582

View Code ZIP pw:eip

This Python script exploits an SQL injection vulnerability in Mibew Messenger 1.6.4 by injecting malicious SQL queries into the 'threadid' parameter of the 'threadprocessor.php' endpoint. It retrieves basic database information such as user, database name, hostname, and version.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Mibew Messenger 1.6.4

No auth needed

Prerequisites: Network access to the target server · Mibew Messenger 1.6.4 installed and running

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026