EIP-2026-107440

PRE-CVE

GMTT Music Distro 1.2 - 'ShowOwn.php' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107440. PoCs published by CorryL.

AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in GMTT Music Distro 1.2, where an attacker can inject malicious scripts via the 'st' parameter in the 'showown.php' file. This allows for potential theft of authentication credentials or other client-side attacks.

Description

GMTT Music Distro 1.2 - 'ShowOwn.php' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by CorryL · textwebappsphp

https://www.exploit-db.com/exploits/30073

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in GMTT Music Distro 1.2, where an attacker can inject malicious scripts via the 'st' parameter in the 'showown.php' file. This allows for potential theft of authentication credentials or other client-side attacks.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: GMTT Music Distro 1.2

No auth needed

Prerequisites: Access to the vulnerable endpoint · User interaction to trigger the payload

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026