EIP-2026-111654

PRE-CVE

Qwerty CMS - 'id' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111654. PoCs published by b3.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in QWERTY CMS lite via the 'id' parameter in index.php. The provided payload extracts data from the administrator table, including password hashes, without requiring authentication.

Description

Qwerty CMS - 'id' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by b3 · textwebappsphp
https://www.exploit-db.com/exploits/8104

This exploit demonstrates a SQL injection vulnerability in QWERTY CMS lite via the 'id' parameter in index.php. The provided payload extracts data from the administrator table, including password hashes, without requiring authentication.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: QWERTY CMS lite
No auth needed
Prerequisites: Access to the target URL with the vulnerable parameter
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026