EIP-2026-113050

PRE-CVE

VehicleWorkshop 1.0 - 'bookingid' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113050. PoCs published by Mehran Feizi.

AI-analyzed exploit summary The exploit demonstrates a SQL injection vulnerability in VehicleWorkshop 1.0 via the 'bookingid' parameter in viewtestdrive.php. The vulnerable code directly interpolates user input into SQL queries without sanitization, allowing arbitrary SQL command execution.

Description

VehicleWorkshop 1.0 - 'bookingid' SQL Injection

Exploits (1)

exploitdb WORKING POC
by Mehran Feizi · textwebappsphp
https://www.exploit-db.com/exploits/48023

The exploit demonstrates a SQL injection vulnerability in VehicleWorkshop 1.0 via the 'bookingid' parameter in viewtestdrive.php. The vulnerable code directly interpolates user input into SQL queries without sanitization, allowing arbitrary SQL command execution.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: VehicleWorkshop 1.0
No auth needed
Prerequisites: Access to the vulnerable endpoint /viewtestdrive.php
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026