EIP-2026-114529

PRE-CVE

Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114529. PoCs published by Stefan Schurtz.

AI-analyzed exploit summary This advisory details SQL injection and XSS vulnerabilities in Yet Another CMS 1.0, with technical analysis of vulnerable code snippets and exploit examples. It includes affected functions, query structures, and attack vectors.

Description

Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP

by Stefan Schurtz · textwebappsphp

https://www.exploit-db.com/exploits/17997

View Code ZIP pw:eip

This advisory details SQL injection and XSS vulnerabilities in Yet Another CMS 1.0, with technical analysis of vulnerable code snippets and exploit examples. It includes affected functions, query structures, and attack vectors.

Classification

Writeup 90%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Yet Another CMS 1.0

No auth needed

Prerequisites: Access to the search.php or index.php endpoints

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026