EIP-2026-110267

PRE-CVE

OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110267. PoCs published by Saadi Siddiqui.

AI-analyzed exploit summary The analysis details multiple SQL injection vulnerabilities in OpenCart <= 1.5.6.1, specifically in the ebay.php file where user-controlled input (e.g., product_id) is used unsanitized in SQL queries. The writeup provides technical details, including affected functions and code paths.

Description

OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections

Exploits (1)

exploitdb WRITEUP
by Saadi Siddiqui · textwebappsphp
https://www.exploit-db.com/exploits/32520

The analysis details multiple SQL injection vulnerabilities in OpenCart <= 1.5.6.1, specifically in the ebay.php file where user-controlled input (e.g., product_id) is used unsanitized in SQL queries. The writeup provides technical details, including affected functions and code paths.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: OpenCart <= 1.5.6.1
Auth required
Prerequisites: Access to OpenBay module · Valid admin session token
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026