EIP-2026-114422

PRE-CVE

Xenon - 'id' Multiple SQL Injections

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114422. PoCs published by m3rciL3Ss.

AI-analyzed exploit summary The provided code demonstrates SQL injection vulnerabilities in Xenon CMS by injecting malicious SQL queries via the 'id' parameter in multiple endpoints. The payloads extract table and column names from the database, confirming the vulnerability.

Description

Xenon - 'id' Multiple SQL Injections

Exploits (1)

exploitdb WORKING POC VERIFIED

by m3rciL3Ss · textwebappsphp

https://www.exploit-db.com/exploits/36236

View Code ZIP pw:eip

The provided code demonstrates SQL injection vulnerabilities in Xenon CMS by injecting malicious SQL queries via the 'id' parameter in multiple endpoints. The payloads extract table and column names from the database, confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Xenon CMS

No auth needed

Prerequisites: Access to the vulnerable web application endpoints

MITRE ATT&CK

T1189 - Drive-by Compromise T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026