EIP-2026-111437

PRE-CVE

PostNuke FormExpress Module - Blind SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111437. PoCs published by Ali Abbasi.

AI-analyzed exploit summary This is a writeup describing a blind SQL injection vulnerability in the PostNuke ContentExpress Module. The vulnerability is in the form_id parameter and can be exploited to read database content via blind SQL injection techniques.

Description

PostNuke FormExpress Module - Blind SQL Injection

Exploits (1)

exploitdb WRITEUP

by Ali Abbasi · textwebappsphp

https://www.exploit-db.com/exploits/11784

View Code ZIP pw:eip

This is a writeup describing a blind SQL injection vulnerability in the PostNuke ContentExpress Module. The vulnerability is in the form_id parameter and can be exploited to read database content via blind SQL injection techniques.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Moderate

Reliability

Theoretical

Target: PostNuke ContentExpress Module 0.3.2

No auth needed

Prerequisites: access to the vulnerable endpoint

MITRE ATT&CK

T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026