EIP-2026-111431

PRE-CVE

PostNuke 0.72x Phoenix Glossary Module - SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111431. PoCs published by Lorenzo Manuel Hernandez Garcia-Hierro.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in PostNuke Phoenix v0.723 and earlier, specifically in the Glossary module. It explains how insufficient input sanitization allows attackers to modify SQL queries via the 'page' parameter.

Description

PostNuke 0.72x Phoenix Glossary Module - SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED
by Lorenzo Manuel Hernandez Garcia-Hierro · textwebappsphp
https://www.exploit-db.com/exploits/22651

The provided text describes a SQL injection vulnerability in PostNuke Phoenix v0.723 and earlier, specifically in the Glossary module. It explains how insufficient input sanitization allows attackers to modify SQL queries via the 'page' parameter.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: PostNuke Phoenix v0.723 and earlier
No auth needed
Prerequisites: Access to the vulnerable PostNuke Phoenix instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026