EIP-2026-112492

PRE-CVE

SuperStoreFinder - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112492. PoCs published by bRpsd.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in SuperStoreFinder, including unauthenticated SQL injection, authenticated PHP injection leading to RCE, and CSRF attacks. The PoC includes payloads and steps to exploit these vulnerabilities.

Description

SuperStoreFinder - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by bRpsd · textwebappsphp

https://www.exploit-db.com/exploits/51822

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in SuperStoreFinder, including unauthenticated SQL injection, authenticated PHP injection leading to RCE, and CSRF attacks. The PoC includes payloads and steps to exploit these vulnerabilities.

Classification

Working Poc 95%

Attack Type

Sqli | Rce | Csrf

Complexity

Moderate

Reliability

Reliable

Target: SuperStoreFinder 3.7 and below

No auth needed

Prerequisites: Access to the target application · For RCE, authenticated access to settings.php

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026