Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-109849. PoCs published by Saadi Siddiqui.
AI-analyzed exploit summary The code describes multiple SQL injection and XSS vulnerabilities in nconf 1.3, including specific parameters and code snippets demonstrating lack of input sanitization. It also mentions a local path disclosure vulnerability.
Description
Nconf 1.3 - Multiple SQL Injections
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Saadi Siddiqui · textwebappsphp
https://www.exploit-db.com/exploits/24564
The code describes multiple SQL injection and XSS vulnerabilities in nconf 1.3, including specific parameters and code snippets demonstrating lack of input sanitization. It also mentions a local path disclosure vulnerability.
Classification
Writeup 90%
Attack Type
Sqli | Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
nconf 1.3
No auth needed
Prerequisites:
Access to the vulnerable web application
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026