EIP-2026-112159

PRE-CVE

Simplog 0.9.3 - 'archive.php' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112159. PoCs published by Javor Ninov.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in Simplog 0.9.3.2 via the 'pid' parameter in archive.php, allowing an attacker to extract admin credentials from the database. The provided URL includes a UNION-based SQLi payload to dump login and password fields from the blog_users table.

Description

Simplog 0.9.3 - 'archive.php' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by Javor Ninov · textwebappsphp
https://www.exploit-db.com/exploits/29375

The exploit demonstrates an SQL injection vulnerability in Simplog 0.9.3.2 via the 'pid' parameter in archive.php, allowing an attacker to extract admin credentials from the database. The provided URL includes a UNION-based SQLi payload to dump login and password fields from the blog_users table.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Simplog 0.9.3.2
No auth needed
Prerequisites: Access to the target Simplog instance · Knowledge of the blogid parameter value
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026