EIP-2026-109918

PRE-CVE

NewsBee CMS 1.4 - 'download.php' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109918. PoCs published by AkkuS.

AI-analyzed exploit summary This exploit demonstrates multiple SQL injection techniques (boolean-based blind, error-based, time-based blind, and UNION query) targeting the 'id' and 't' parameters in NewsBee CMS 1.4's download.php. The payloads are designed to extract data or confirm vulnerability presence.

Description

NewsBee CMS 1.4 - 'download.php' SQL Injection

Exploits (1)

exploitdb WORKING POC

by AkkuS · textwebappsphp

https://www.exploit-db.com/exploits/44702

View Code ZIP pw:eip

This exploit demonstrates multiple SQL injection techniques (boolean-based blind, error-based, time-based blind, and UNION query) targeting the 'id' and 't' parameters in NewsBee CMS 1.4's download.php. The payloads are designed to extract data or confirm vulnerability presence.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: NewsBee CMS 1.4

Auth required

Prerequisites: Access to the admin panel or a valid session · Target running NewsBee CMS 1.4

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026