EIP-2026-112355

PRE-CVE

SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112355. PoCs published by Havok.

AI-analyzed exploit summary The exploit describes SQL injection and LFI vulnerabilities in SourceBans <= 1.4.8. It includes proof-of-concept URLs for SQLi and LFI, with additional notes on potential shell upload via icon upload functionality.

Description

SourceBans 1.4.8 - SQL Injection / Local File Inclusion Injection

Exploits (1)

exploitdb WRITEUP

by Havok · textwebappsphp

https://www.exploit-db.com/exploits/18215

View Code ZIP pw:eip

The exploit describes SQL injection and LFI vulnerabilities in SourceBans <= 1.4.8. It includes proof-of-concept URLs for SQLi and LFI, with additional notes on potential shell upload via icon upload functionality.

Classification

Writeup 90%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SourceBans <= 1.4.8

Auth required

Prerequisites: authentication as root administrator or user with theme change privileges

MITRE ATT&CK

T1189 - Drive-by Compromise T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026