EIP-2026-112035

PRE-CVE

ShortCMS 1.2.0 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112035. PoCs published by Thibow.

AI-analyzed exploit summary This is a writeup detailing SQL injection vulnerabilities in ShortCMS version 1.2.0 and earlier. It provides exploit URLs for extracting MySQL version, table names, and column names, along with vulnerable code analysis.

Description

ShortCMS 1.2.0 - SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Thibow · textwebappsphp

https://www.exploit-db.com/exploits/11444

View Code ZIP pw:eip

This is a writeup detailing SQL injection vulnerabilities in ShortCMS version 1.2.0 and earlier. It provides exploit URLs for extracting MySQL version, table names, and column names, along with vulnerable code analysis.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: ShortCMS 1.2.0 and earlier

No auth needed

Prerequisites: Access to the vulnerable ShortCMS instance

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026