Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-111914. PoCs published by Manas58.
AI-analyzed exploit summary This is a SQL injection exploit for Schaf-CMS 1.0, leveraging a time-based blind SQLi technique to extract database information (version, user, database name, and OS). The payload uses concatenation and grouping to trigger errors that reveal system details.
Description
Schaf-CMS 1.0 - SQL Injection
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Manas58 · textwebappsphp
https://www.exploit-db.com/exploits/12720
This is a SQL injection exploit for Schaf-CMS 1.0, leveraging a time-based blind SQLi technique to extract database information (version, user, database name, and OS). The payload uses concatenation and grouping to trigger errors that reveal system details.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
Schaf-CMS 1.0
No auth needed
Prerequisites:
Access to the vulnerable CMS endpoint (cms.php?id=)
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026