EIP-2026-109994

PRE-CVE

NULL NUKE CMS 2.2 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109994. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in NULL NUKE CMS v2.2, including SQL Injection, XSS, Arbitrary File Upload, RCE, Arbitrary File Deletion, Arbitrary File Access, Open Redirect, and CSRF. The PoC includes detailed HTTP requests and HTML forms to exploit these vulnerabilities.

Description

NULL NUKE CMS 2.2 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/33091

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in NULL NUKE CMS v2.2, including SQL Injection, XSS, Arbitrary File Upload, RCE, Arbitrary File Deletion, Arbitrary File Access, Open Redirect, and CSRF. The PoC includes detailed HTTP requests and HTML forms to exploit these vulnerabilities.

Classification

Working Poc 100%

Attack Type

Rce | Sqli | Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: NULL NUKE CMS v2.2 and 2.1 rc3

Auth required

Prerequisites: Access to the admin interface · Valid credentials for authenticated vulnerabilities

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026