EIP-2026-111980

PRE-CVE

Sendroid < 6.5.0 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111980. PoCs published by Onwuka Gideon.

AI-analyzed exploit summary This PHP script exploits an SQL injection vulnerability in Sendroid Bulk SMS Portal (versions 5.0.0 to 6.5.0) to extract admin credentials. It automates the process of retrieving the admin email and password hash, resetting the password, and cracking the new password.

Description

Sendroid < 6.5.0 - SQL Injection

Exploits (1)

exploitdb WORKING POC

by Onwuka Gideon · phpwebappsphp

https://www.exploit-db.com/exploits/43395

View Code ZIP pw:eip

This PHP script exploits an SQL injection vulnerability in Sendroid Bulk SMS Portal (versions 5.0.0 to 6.5.0) to extract admin credentials. It automates the process of retrieving the admin email and password hash, resetting the password, and cracking the new password.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Sendroid Bulk SMS Portal 5.0.0 - 6.5.0

No auth needed

Prerequisites: PHP installed on the attacker's system · Direct URL to the vulnerable Sendroid installation

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026