EIP-2026-111119

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111119. PoCs published by Curesec Research Team.

AI-analyzed exploit summary This document provides a detailed technical analysis of multiple SQL injection vulnerabilities in phplist 3.2.6, including proof-of-concept exploits, affected code snippets, and CVSS scoring. It covers unauthenticated and authenticated attack vectors, along with mitigation steps.

Description

phplist 3.2.6 - SQL Injection

Exploits (1)

exploitdb WRITEUP

by Curesec Research Team · textwebappsphp

https://www.exploit-db.com/exploits/41644

View Code ZIP pw:eip

This document provides a detailed technical analysis of multiple SQL injection vulnerabilities in phplist 3.2.6, including proof-of-concept exploits, affected code snippets, and CVSS scoring. It covers unauthenticated and authenticated attack vectors, along with mitigation steps.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: phplist 3.2.6

No auth needed

Prerequisites: Access to the phplist application · For some exploits, admin credentials are required

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

phplist 3.2.6 - SQL Injection

Exploitation Summary

Description

Exploits (1)

Details