EIP-2026-111452

PRE-CVE

powermovielist 0.14b - SQL Injection / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111452. PoCs published by brain[pillow].

AI-analyzed exploit summary This exploit demonstrates multiple SQL injection and XSS vulnerabilities in PowerMovieList 0.14 Beta. It includes examples for extracting user credentials and executing arbitrary SQL queries, as well as passive XSS payloads.

Description

powermovielist 0.14b - SQL Injection / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by brain[pillow] · textwebappsphp

https://www.exploit-db.com/exploits/8062

View Code ZIP pw:eip

This exploit demonstrates multiple SQL injection and XSS vulnerabilities in PowerMovieList 0.14 Beta. It includes examples for extracting user credentials and executing arbitrary SQL queries, as well as passive XSS payloads.

Classification

Working Poc 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: PowerMovieList 0.14 Beta

Auth required

Prerequisites: magic quotes = off · registered user access

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026