CVE-2015-6518

phpliteadmin 1.1 - Cross-Site Scripting via PATH_INFO or Table Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6518. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates CSRF and XSS vulnerabilities in phpLiteAdmin v1.1. It includes proof-of-concept URLs for XSS via $_SERVER['PHP_SELF'], unsanitized 'droptable' and 'table' parameters, and a CSRF attack to drop database tables.

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin 1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) droptable parameter, or (3) table parameter to phpliteadmin.php.

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · textwebappsphp
https://www.exploit-db.com/exploits/37515

This exploit demonstrates CSRF and XSS vulnerabilities in phpLiteAdmin v1.1. It includes proof-of-concept URLs for XSS via $_SERVER['PHP_SELF'], unsanitized 'droptable' and 'table' parameters, and a CSRF attack to drop database tables.

Classification
Working Poc 100%
Attack Type
Xss | Csrf
Complexity
Trivial
Reliability
Reliable
Target: phpLiteAdmin v1.1
No auth needed
Prerequisites: Victim must visit a malicious URL · Target application must be phpLiteAdmin v1.1
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/535936/100/0/threaded

Scores

EPSS 0.0352
EPSS Percentile 87.7%

Details

CWE
CWE-79
Status published
Products (1)
phpliteadmin/phpliteadmin 1.1
Published Aug 18, 2015
Tracked Since Feb 18, 2026