EIP-2026-114480

PRE-CVE

XOS Shop - 'goto' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114480. PoCs published by JoKeR_StEx.

AI-analyzed exploit summary: The provided text describes an SQL injection vulnerability in XOS Shop 1.0 rc7o, where the 'goto' parameter in 'redirect.php' is not properly sanitized. This allows attackers to manipulate SQL queries, potentially leading to data access, modification, or further exploitation of the database.

Description

XOS Shop - 'goto' SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED
by JoKeR_StEx · text · webapps · php
https://www.exploit-db.com/exploits/39060

Classification: Writeup 80%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: XOS Shop 1.0 rc7o
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious SQL queries
mistral-large-3 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026