EIP-2026-104346

PRE-CVE

Mura CMS 5.1 - Root Path Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104346. PoCs published by Vladimir Vorontsov.

AI-analyzed exploit summary The document describes two vulnerabilities in Mura CMS <= 5.1: an information disclosure flaw due to improper error handling when submitting oversized input, and multiple XSS vulnerabilities (reflected and stored) in parameters like 'link' and 'returnURL'. It provides technical details and proof-of-concept URLs but does not include functional exploit code.

Description

Mura CMS 5.1 - Root Path Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED

by Vladimir Vorontsov · textwebappsmultiple

https://www.exploit-db.com/exploits/9898

View Code ZIP pw:eip

The document describes two vulnerabilities in Mura CMS <= 5.1: an information disclosure flaw due to improper error handling when submitting oversized input, and multiple XSS vulnerabilities (reflected and stored) in parameters like 'link' and 'returnURL'. It provides technical details and proof-of-concept URLs but does not include functional exploit code.

Classification

Writeup 90%

Attack Type

Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Mura CMS <= 5.1

No auth needed

Prerequisites: Access to a vulnerable Mura CMS instance

MITRE ATT&CK

T1059.007 - JavaScript T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026