EIP-2026-114625

PRE-CVE

ZeusCart 4.0 - SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114625. PoCs published by Curesec Research Team.

AI-analyzed exploit summary: This document details two SQL injection vulnerabilities in ZeusCart 4.0, including a blind timing-based SQLi in the maincatid parameter and an authenticated SQLi in the admin area via file upload manipulation. It provides proof-of-concept URLs, curl commands, and code snippets demonstrating the exploits.

Description

ZeusCart 4.0 - SQL Injection

Exploits (1)

exploitdb WRITEUP
by Curesec Research Team · text · webapps · php
https://www.exploit-db.com/exploits/38224

Classification: Writeup 100%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: ZeusCart 4.0
No auth needed
Prerequisites: Access to the ZeusCart application · For the admin area SQLi, valid admin credentials are required
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026