EIP-2026-110234
PRE-CVEOpen Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110234. PoCs published by Sioma Labs.
AI-analyzed exploit summary The exploit demonstrates SQL injection and XSS vulnerabilities in Open Source Classifieds (OSClassi) version 1.1.0 Alpha. It includes functional PoC URLs for SQLi to extract admin/user credentials and XSS payloads for item.php and search.php.
Description
Open Source Classifieds 1.1.0 Alpha (OSClassi) - SQL Injection / Cross-Site Scripting / Arbitrary Admin Change
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Sioma Labs · textwebappsphp
https://www.exploit-db.com/exploits/11496
The exploit demonstrates SQL injection and XSS vulnerabilities in Open Source Classifieds (OSClassi) version 1.1.0 Alpha. It includes functional PoC URLs for SQLi to extract admin/user credentials and XSS payloads for item.php and search.php.
Classification
Working Poc 95%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target:
Open Source Classifieds (OSClassi) 1.1.0 Alpha
No auth needed
Prerequisites:
Access to the target web application · A posted item for the XSS in item.php
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026