EIP-2026-112702

PRE-CVE

TinyBB 1.4 - Blind SQL Injection / Full Path Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112702. PoCs published by swami.

AI-analyzed exploit summary This Python script exploits a blind SQL injection vulnerability in TinyBB 1.4 by manipulating the 'post' parameter in the URL to extract user credentials from the database. It also checks for path disclosure vulnerabilities in specific files.

Description

TinyBB 1.4 - Blind SQL Injection / Full Path Disclosure

Exploits (1)

exploitdb WORKING POC
by swami · pythonwebappsphp
https://www.exploit-db.com/exploits/17165

This Python script exploits a blind SQL injection vulnerability in TinyBB 1.4 by manipulating the 'post' parameter in the URL to extract user credentials from the database. It also checks for path disclosure vulnerabilities in specific files.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: TinyBB 1.4
No auth needed
Prerequisites: TinyBB 1.4 installation with magic_quotes_gpc off · Access to the target URL
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026