EIP-2026-119441

PRE-CVE

SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119441. PoCs published by hland.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated SQL injection vulnerability in Sysaid Helpdesk Software v14.4.32 b25. It leverages the 'menu' parameter to inject SQL commands, enabling arbitrary code execution via xp_cmdshell with SYSTEM privileges.

Description

SysAid Help Desk Software 14.4.32 b25 - SQL Injection (Metasploit)

Exploits (1)

exploitdb WORKING POC

by hland · rubywebappswindows

https://www.exploit-db.com/exploits/38822

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated SQL injection vulnerability in Sysaid Helpdesk Software v14.4.32 b25. It leverages the 'menu' parameter to inject SQL commands, enabling arbitrary code execution via xp_cmdshell with SYSTEM privileges.

Classification

Working Poc 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Sysaid Helpdesk Software <= v14.4.32 b25

No auth needed

Prerequisites: Network access to the target · Sysaid Helpdesk Software running on port 8080

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026