EIP-2026-111172

PRE-CVE

phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111172. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary The exploit demonstrates multiple SQL injection vulnerabilities in phpMySport 1.4, allowing attackers to execute arbitrary SQL queries via unsanitized input in 'v1', 'name', and 'v2' variables. It also includes an authentication bypass and path disclosure proof-of-concept.

Description

phpMySport 1.4 - SQL Injection / Authentication Bypass / Full Path Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/15921

The exploit demonstrates multiple SQL injection vulnerabilities in phpMySport 1.4, allowing attackers to execute arbitrary SQL queries via unsanitized input in 'v1', 'name', and 'v2' variables. It also includes an authentication bypass and path disclosure proof-of-concept.

Classification
Working Poc 100%
Attack Type
Sqli | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: phpMySport 1.4
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026