EIP-2026-112848

PRE-CVE

UCCASS 1.8.1 - Blind SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112848. PoCs published by dun.

AI-analyzed exploit summary This exploit demonstrates a blind SQL injection vulnerability in UCCASS v1.8.1 and earlier. The vulnerability arises from unfiltered user input in the 'sid' parameter in filter.php, which is directly used in SQL queries without sanitization.

Description

UCCASS 1.8.1 - Blind SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by dun · textwebappsphp

https://www.exploit-db.com/exploits/19386

View Code ZIP pw:eip

This exploit demonstrates a blind SQL injection vulnerability in UCCASS v1.8.1 and earlier. The vulnerability arises from unfiltered user input in the 'sid' parameter in filter.php, which is directly used in SQL queries without sanitization.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: UCCASS (Unit Command Climate Assessment and Survey System) v1.8.1 and earlier

No auth needed

Prerequisites: Access to the vulnerable UCCASS application

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026