EIP-2026-105341
PRE-CVEAZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105341. PoCs published by Eyup CELIK.
AI-analyzed exploit summary The provided text describes cross-site scripting (XSS) and arbitrary file upload vulnerabilities in AZ Photo Album, with example URLs demonstrating the XSS attack vector. It lacks functional exploit code but provides technical details about the vulnerability.
Description
AZ Photo Album - Cross-Site Scripting / Arbitrary File Upload
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Eyup CELIK · textwebappsphp
https://www.exploit-db.com/exploits/37283
The provided text describes cross-site scripting (XSS) and arbitrary file upload vulnerabilities in AZ Photo Album, with example URLs demonstrating the XSS attack vector. It lacks functional exploit code but provides technical details about the vulnerability.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Theoretical
Target:
AZ Photo Album
No auth needed
Prerequisites:
Access to the vulnerable web application
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026