EIP-2026-113414
PRE-CVEWHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113414. PoCs published by g00n.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in WHMCS 5.2.8 via the `viewticket.php` endpoint, leveraging the `select_query()` function's vulnerability due to Register Globals. The PoC extracts admin credentials from the `tbladmins` table using a UNION-based SQL injection.
Description
WHMCompleteSolution (WHMCS) 5.2.8 - SQL Injection
Exploits (1)
This exploit demonstrates a SQL injection vulnerability in WHMCS 5.2.8 via the `viewticket.php` endpoint, leveraging the `select_query()` function's vulnerability due to Register Globals. The PoC extracts admin credentials from the `tbladmins` table using a UNION-based SQL injection.