EIP-2026-105521
PRE-CVEBlog System 1.x - Multiple Input Validation Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105521. PoCs published by cp77fk4r.
AI-analyzed exploit summary The exploit demonstrates XSS and LFI vulnerabilities in Blog System 1.5 and prior by injecting malicious scripts and local file inclusion payloads via the 'action' parameter in the ADMIN/index.php endpoint.
Description
Blog System 1.x - Multiple Input Validation Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by cp77fk4r · textwebappsphp
https://www.exploit-db.com/exploits/33833
The exploit demonstrates XSS and LFI vulnerabilities in Blog System 1.5 and prior by injecting malicious scripts and local file inclusion payloads via the 'action' parameter in the ADMIN/index.php endpoint.
Classification
Working Poc 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Blog System 1.5 and prior
No auth needed
Prerequisites:
Access to the target web application
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026