EIP-2026-112702
PRE-CVETinyBB 1.4 - Blind SQL Injection / Full Path Disclosure
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112702. PoCs published by swami.
AI-analyzed exploit summary This Python script exploits a blind SQL injection vulnerability in TinyBB 1.4 by manipulating the 'post' parameter in the URL to extract user credentials from the database. It also checks for path disclosure vulnerabilities in specific files.
Description
TinyBB 1.4 - Blind SQL Injection / Full Path Disclosure
Exploits (1)
exploitdb
WORKING POC
by swami · pythonwebappsphp
https://www.exploit-db.com/exploits/17165
This Python script exploits a blind SQL injection vulnerability in TinyBB 1.4 by manipulating the 'post' parameter in the URL to extract user credentials from the database. It also checks for path disclosure vulnerabilities in specific files.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target:
TinyBB 1.4
No auth needed
Prerequisites:
TinyBB 1.4 installation with magic_quotes_gpc off · Access to the target URL
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026