EIP-2026-113339

PRE-CVE

WebPhotoPro - Multiple SQL Injections

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113339. PoCs published by baltazar.

AI-analyzed exploit summary This Python script exploits multiple SQL injection vulnerabilities in WebPhotoPro by injecting crafted SQL queries to extract admin credentials. It automates the process of testing various vulnerable endpoints and displays results if successful.

Description

WebPhotoPro - Multiple SQL Injections

Exploits (1)

exploitdb WORKING POC VERIFIED

by baltazar · pythonwebappsphp

https://www.exploit-db.com/exploits/32662

View Code ZIP pw:eip

This Python script exploits multiple SQL injection vulnerabilities in WebPhotoPro by injecting crafted SQL queries to extract admin credentials. It automates the process of testing various vulnerable endpoints and displays results if successful.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WebPhotoPro

No auth needed

Prerequisites: Target running WebPhotoPro with vulnerable endpoints exposed

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026