EIP-2026-110387
PRE-CVEosCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110387. PoCs published by Christopher Schramm.
AI-analyzed exploit summary This exploit demonstrates an SQL injection vulnerability in osCommerce Visitor Web Stats by manipulating the 'Accept-Language' header to extract administrator credentials via blind SQLi techniques. It systematically brute-forces usernames and passwords using binary search on character sets.
Description
osCommerce Visitor Web Stats AddOn - 'Accept-Language' Header SQL Injection
Exploits (1)
This exploit demonstrates an SQL injection vulnerability in osCommerce Visitor Web Stats by manipulating the 'Accept-Language' header to extract administrator credentials via blind SQLi techniques. It systematically brute-forces usernames and passwords using binary search on character sets.