EIP-2026-106965

PRE-CVE

Exponent CMS 0.97 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106965. PoCs published by LiquidWorm.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple issues in Exponent CMS v0.97, including LFI, arbitrary file upload, and XSS. It provides technical descriptions and PoC URLs but lacks executable exploit code.

Description

Exponent CMS 0.97 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/15247

This is a vulnerability writeup detailing multiple issues in Exponent CMS v0.97, including LFI, arbitrary file upload, and XSS. It provides technical descriptions and PoC URLs but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Info Leak | Auth Bypass | Xss
Complexity
Trivial
Reliability
Theoretical
Target: Exponent CMS v0.97
No auth needed
Prerequisites: Network access to the target · Vulnerable version of Exponent CMS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026