EIP-2026-112476

PRE-CVE

sugarsales 1.x/2.0 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112476. PoCs published by Daniel Fabian.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in SugarSales, including SQL injection, directory traversal, and information disclosure. It includes example payloads for authentication bypass and file disclosure but lacks executable exploit code.

Description

sugarsales 1.x/2.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED
by Daniel Fabian · textwebappsphp
https://www.exploit-db.com/exploits/24823

The provided text describes multiple vulnerabilities in SugarSales, including SQL injection, directory traversal, and information disclosure. It includes example payloads for authentication bypass and file disclosure but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli | Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: SugarSales (versions prior to 2.0.1a)
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026