EIP-2026-119352

PRE-CVE

Billwerx RC 3.1 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119352. PoCs published by mr_me.

AI-analyzed exploit summary The exploit demonstrates two vulnerabilities in Billwerx RC v3.1: a stored XSS via employee profile fields and an SQL injection in the file upload functionality. The XSS allows cookie theft, while the SQLi enables arbitrary database manipulation.

Description

Billwerx RC 3.1 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by mr_me · textwebappswindows

https://www.exploit-db.com/exploits/10376

View Code ZIP pw:eip

The exploit demonstrates two vulnerabilities in Billwerx RC v3.1: a stored XSS via employee profile fields and an SQL injection in the file upload functionality. The XSS allows cookie theft, while the SQLi enables arbitrary database manipulation.

Classification

Working Poc 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Reliable

Target: Billwerx RC v3.1

Auth required

Prerequisites: Access to an employee account · Admin interaction for XSS payload execution

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026