EIP-2026-110182

PRE-CVE

Online shopping system advanced 1.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110182. PoCs published by Rafael Pedrero.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Online Shopping System Advanced 1.0, including SQL injection via `user_id` and `proId` parameters, RCE through file upload bypass, and stored XSS. Proof-of-concept requests are provided for each vulnerability, with SQLMap used to confirm SQLi.

Description

Online shopping system advanced 1.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rafael Pedrero · textwebappsphp

https://www.exploit-db.com/exploits/51103

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Online Shopping System Advanced 1.0, including SQL injection via `user_id` and `proId` parameters, RCE through file upload bypass, and stored XSS. Proof-of-concept requests are provided for each vulnerability, with SQLMap used to confirm SQLi.

Classification

Working Poc 95%

Attack Type

Sqli | Rce | Xss

Complexity

Moderate

Reliability

Reliable

Target: Online Shopping System Advanced 1.0

Auth required

Prerequisites: Access to admin panel for RCE and stored XSS · Valid session cookie for authenticated endpoints

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026