EIP-2026-112540

PRE-CVE

Syzygy CMS 0.3 - Local File Inclusion / SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112540. PoCs published by Osirys.

AI-analyzed exploit summary This Perl script exploits Syzygy CMS 0.3 via SQL injection and LFI to achieve remote command execution. It first extracts admin credentials, then either leverages LFI to spawn a shell or uses SQL injection to write a malicious PHP file.

Description

Syzygy CMS 0.3 - Local File Inclusion / SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/8276

View Code ZIP pw:eip

This Perl script exploits Syzygy CMS 0.3 via SQL injection and LFI to achieve remote command execution. It first extracts admin credentials, then either leverages LFI to spawn a shell or uses SQL injection to write a malicious PHP file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Syzygy CMS 0.3

No auth needed

Prerequisites: Target must be running Syzygy CMS 0.3 · LFI or SQL injection vulnerability must be present

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026