EIP-2026-110841

PRE-CVE

PHP-Nuke 5.6/6.x News Module - 'index.php' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110841. PoCs published by frog.

AI-analyzed exploit summary This exploit targets a SQL injection vulnerability in PHP-Nuke's News module by manipulating the 'score' parameter in a crafted HTTP request. It allows an attacker to alter database entries for news articles by converting input strings into ASCII values and injecting them into the SQL query.

Description

PHP-Nuke 5.6/6.x News Module - 'index.php' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by frog · phpwebappsphp

https://www.exploit-db.com/exploits/22414

View Code ZIP pw:eip

This exploit targets a SQL injection vulnerability in PHP-Nuke's News module by manipulating the 'score' parameter in a crafted HTTP request. It allows an attacker to alter database entries for news articles by converting input strings into ASCII values and injecting them into the SQL query.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: PHP-Nuke (version not specified)

No auth needed

Prerequisites: Target URL with vulnerable PHP-Nuke installation · Valid News SID

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026