EIP-2026-112769

PRE-CVE

Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112769. PoCs published by Tagoletta.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated SQL injection leading to remote code execution in Traffic Offense Management System 1.0. It bypasses authentication, extracts file paths via SQL errors, and writes a PHP shell using SQL INTO OUTFILE.

Description

Traffic Offense Management System 1.0 - Remote Code Execution (RCE) (Unauthenticated)

Exploits (1)

exploitdb WORKING POC

by Tagoletta · pythonwebappsphp

https://www.exploit-db.com/exploits/50244

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated SQL injection leading to remote code execution in Traffic Offense Management System 1.0. It bypasses authentication, extracts file paths via SQL errors, and writes a PHP shell using SQL INTO OUTFILE.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Traffic Offense Management System 1.0

No auth needed

Prerequisites: Network access to the target · PHP and MySQL running on the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026