EIP-2026-113029
PRE-CVEvBulletin Yet Another Awards System 4.0.2 - SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113029. PoCs published by Backsl@sh/Dan.
AI-analyzed exploit summary The exploit demonstrates a time-based SQL injection vulnerability in vBulletin Yet Another Awards System 4.0.2 via the 'award_request_uid' parameter in /request_award.php. The parameter is unsanitized and directly used in an SQL INSERT statement, allowing arbitrary SQL injection.
Description
vBulletin Yet Another Awards System 4.0.2 - SQL Injection
Exploits (1)
The exploit demonstrates a time-based SQL injection vulnerability in vBulletin Yet Another Awards System 4.0.2 via the 'award_request_uid' parameter in /request_award.php. The parameter is unsanitized and directly used in an SQL INSERT statement, allowing arbitrary SQL injection.