EIP-2026-110850

PRE-CVE

PHP-Nuke 6.0/6.5 Forum Module - 'viewtopic.php' SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110850. PoCs published by frog.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in PHPNuke's Forum module via the 'viewtopic.php' script. The attacker can inject SQL commands through the 'forum' parameter to write arbitrary files to the server using the 'INTO OUTFILE' clause.

Description

PHP-Nuke 6.0/6.5 Forum Module - 'viewtopic.php' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/22423

View Code ZIP pw:eip

The exploit demonstrates a SQL injection vulnerability in PHPNuke's Forum module via the 'viewtopic.php' script. The attacker can inject SQL commands through the 'forum' parameter to write arbitrary files to the server using the 'INTO OUTFILE' clause.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PHPNuke (Forum module)

No auth needed

Prerequisites: Access to the target PHPNuke instance · Knowledge of the server's file system path for writing files

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026