EIP-2026-111438

PRE-CVE

PostNuke Modules Factory Subjects Module 2.0 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111438. PoCs published by Criolabs.

AI-analyzed exploit summary The document describes a SQL injection vulnerability in the PostNuke Modules Factory Subjects module, where user-supplied URI parameters are not properly sanitized. It provides example URLs demonstrating how an attacker could manipulate SQL queries to disclose sensitive information or corrupt data.

Description

PostNuke Modules Factory Subjects Module 2.0 - SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Criolabs · textwebappsphp

https://www.exploit-db.com/exploits/24587

View Code ZIP pw:eip

The document describes a SQL injection vulnerability in the PostNuke Modules Factory Subjects module, where user-supplied URI parameters are not properly sanitized. It provides example URLs demonstrating how an attacker could manipulate SQL queries to disclose sensitive information or corrupt data.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PostNuke Modules Factory Subjects module

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026