EIP-2026-111431
PRE-CVEPostNuke 0.72x Phoenix Glossary Module - SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-111431. PoCs published by Lorenzo Manuel Hernandez Garcia-Hierro.
AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in PostNuke Phoenix v0.723 and earlier, specifically in the Glossary module. It explains how insufficient input sanitization allows attackers to modify SQL queries via the 'page' parameter.
Description
PostNuke 0.72x Phoenix Glossary Module - SQL Injection
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Lorenzo Manuel Hernandez Garcia-Hierro · textwebappsphp
https://www.exploit-db.com/exploits/22651
The provided text describes a SQL injection vulnerability in PostNuke Phoenix v0.723 and earlier, specifically in the Glossary module. It explains how insufficient input sanitization allows attackers to modify SQL queries via the 'page' parameter.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
PostNuke Phoenix v0.723 and earlier
No auth needed
Prerequisites:
Access to the vulnerable PostNuke Phoenix instance
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026