EIP-2026-114396

PRE-CVE

WX-Guestbook 1.1.208 - SQL Injection / HTML Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114396. PoCs published by learn3r.

AI-analyzed exploit summary The exploit demonstrates SQL injection and HTML injection vulnerabilities in WX-Guestbook 1.1.208. The provided payload extracts database version, user, and database name via a UNION-based SQLi attack.

Description

WX-Guestbook 1.1.208 - SQL Injection / HTML Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by learn3r · textwebappsphp
https://www.exploit-db.com/exploits/34341

The exploit demonstrates SQL injection and HTML injection vulnerabilities in WX-Guestbook 1.1.208. The provided payload extracts database version, user, and database name via a UNION-based SQLi attack.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: WX-Guestbook 1.1.208
No auth needed
Prerequisites: Access to the vulnerable guestbook input field
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026