EIP-2026-102351

PRE-CVE

Ametys CMS 3.5.2 - 'lang' XPath Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102351. PoCs published by LiquidWorm.

AI-analyzed exploit summary: The document describes an XPath injection vulnerability in Ametys CMS 3.5.2, where the 'lang' POST parameter in the newsletter plugin is not properly sanitized, allowing arbitrary XPath code injection. The provided HTTP request demonstrates the exploit, triggering an internal server error with a detailed XPath parsing exception.

Description

Ametys CMS 3.5.2 - 'lang' XPath Injection

Exploits (1)

exploitdb WRITEUP
by LiquidWorm · text · webapps · java
https://www.exploit-db.com/exploits/29918

Classification: Writeup 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Ametys CMS 3.5.2 and 3.5.1
No auth needed
Prerequisites: Access to the newsletter plugin endpoint
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026