EIP-2026-109773

PRE-CVE

MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109773. PoCs published by mr_me.

AI-analyzed exploit summary This exploit demonstrates SQL injection, local file inclusion (LFI), and reflective XSS vulnerabilities in MyNews v1.0 CMS. The PoC includes clear examples of malicious input for each vulnerability type, with specific endpoints and payloads.

Description

MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · textwebappsphp

https://www.exploit-db.com/exploits/12637

View Code ZIP pw:eip

This exploit demonstrates SQL injection, local file inclusion (LFI), and reflective XSS vulnerabilities in MyNews v1.0 CMS. The PoC includes clear examples of malicious input for each vulnerability type, with specific endpoints and payloads.

Classification

Working Poc 95%

Attack Type

Sqli | Info Leak | Xss

Complexity

Trivial

Reliability

Reliable

Target: MyNews v1.0 CMS

No auth needed

Prerequisites: Access to the target web application · Basic knowledge of SQLi and LFI techniques

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026