EIP-2026-113215

PRE-CVE

Web Cookbook - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113215. PoCs published by cr4wl3r.

AI-analyzed exploit summary The exploit demonstrates SQL injection and remote file disclosure vulnerabilities in Web Cookbook. The SQLi allows arbitrary database queries via the 'currid' parameter, while the file disclosure flaw in 'dumpdb.php' enables reading arbitrary files due to improper path sanitization.

Description

Web Cookbook - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by cr4wl3r · textwebappsphp

https://www.exploit-db.com/exploits/24531

View Code ZIP pw:eip

The exploit demonstrates SQL injection and remote file disclosure vulnerabilities in Web Cookbook. The SQLi allows arbitrary database queries via the 'currid' parameter, while the file disclosure flaw in 'dumpdb.php' enables reading arbitrary files due to improper path sanitization.

Classification

Working Poc 90%

Attack Type

Sqli | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Web Cookbook (version unspecified)

No auth needed

Prerequisites: Network access to the target application · Web Cookbook installed and accessible

MITRE ATT&CK

T1189 - Drive-by Compromise T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026