EIP-2026-112387

PRE-CVE

SPIP 1.8/1.9 - Multiple SQL Injections

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112387. PoCs published by Siegfried.

AI-analyzed exploit summary The provided text describes SQL injection vulnerabilities in SPIP versions prior to and including 1.8.2-e and 1.9 alpha 2. It includes example URIs demonstrating the exploitation of these vulnerabilities to extract password hashes from the database.

Description

SPIP 1.8/1.9 - Multiple SQL Injections

Exploits (1)

exploitdb WRITEUP VERIFIED
by Siegfried · textwebappsphp
https://www.exploit-db.com/exploits/27157

The provided text describes SQL injection vulnerabilities in SPIP versions prior to and including 1.8.2-e and 1.9 alpha 2. It includes example URIs demonstrating the exploitation of these vulnerabilities to extract password hashes from the database.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: SPIP <= 1.8.2-e, 1.9 alpha 2
No auth needed
Prerequisites: Access to the target SPIP forum.php3 endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026