EIP-2026-111023

PRE-CVE

phpCollegeExchange 0.1.5c - Multiple SQL Injections

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111023. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary This exploit demonstrates SQL injection vulnerabilities in phpCollegeExchange 0.1.5c, including authentication bypass and arbitrary data retrieval. The PoC provides specific payloads for exploiting these flaws.

Description

phpCollegeExchange 0.1.5c - Multiple SQL Injections

Exploits (1)

exploitdb WORKING POC VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/10390

View Code ZIP pw:eip

This exploit demonstrates SQL injection vulnerabilities in phpCollegeExchange 0.1.5c, including authentication bypass and arbitrary data retrieval. The PoC provides specific payloads for exploiting these flaws.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: phpCollegeExchange 0.1.5c

No auth needed

Prerequisites: Magic Quotes GPC must be off in php.ini

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026