EIP-2026-113098

PRE-CVE

Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113098. PoCs published by StAkeR.

AI-analyzed exploit summary The vulnerability allows unauthorized account registration by exploiting improper handling of whitespace and NULL characters in the username field. This can lead to account hijacking or impersonation of existing users.

Description

Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access

Exploits (1)

exploitdb WRITEUP VERIFIED

by StAkeR · textwebappsphp

https://www.exploit-db.com/exploits/32422

View Code ZIP pw:eip

The vulnerability allows unauthorized account registration by exploiting improper handling of whitespace and NULL characters in the username field. This can lead to account hijacking or impersonation of existing users.

Classification

Writeup 80%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Vikingboard 0.2 Beta

No auth needed

Prerequisites: Access to the registration endpoint

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026