EIP-2026-119305

PRE-CVE

XAMPP for Windows 1.6.8 - 'cds.php' SQL Injection

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119305. PoCs published by Jaykishan Nirmal.

AI-analyzed exploit summary The exploit demonstrates an SQL injection vulnerability in XAMPP for Windows by injecting a malicious SQL condition into the 'id' parameter of the 'cds.php' script. This allows an attacker to manipulate the SQL query and potentially access or modify data in the underlying database.

Description

XAMPP for Windows 1.6.8 - 'cds.php' SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jaykishan Nirmal · textremotewindows
https://www.exploit-db.com/exploits/32457

The exploit demonstrates an SQL injection vulnerability in XAMPP for Windows by injecting a malicious SQL condition into the 'id' parameter of the 'cds.php' script. This allows an attacker to manipulate the SQL query and potentially access or modify data in the underlying database.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: XAMPP 1.6.8 for Windows
No auth needed
Prerequisites: Access to the target XAMPP installation
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026