EIP-2026-112768

PRE-CVE

Tradingeye E-Commerce Shopping Cart - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112768. PoCs published by $#4d0\/\/[r007k17].

AI-analyzed exploit summary The exploit demonstrates an authentication bypass via SQL injection and a reflected XSS vulnerability in the Tradingeye CMS admin panel. The SQLi allows bypassing login with a trivial payload, while the XSS exploits an unfiltered search field.

Description

Tradingeye E-Commerce Shopping Cart - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by $#4d0\/\/[r007k17] · textwebappsphp

https://www.exploit-db.com/exploits/17523

View Code ZIP pw:eip

The exploit demonstrates an authentication bypass via SQL injection and a reflected XSS vulnerability in the Tradingeye CMS admin panel. The SQLi allows bypassing login with a trivial payload, while the XSS exploits an unfiltered search field.

Classification

Working Poc 90%

Attack Type

Sqli | Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Tradingeye CMS v6

No auth needed

Prerequisites: Access to the admin login page · XSS requires user interaction in the admin panel

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026