EIP-2026-107474

PRE-CVE

Grafik CMS - '/admin.php' SQL Injection / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107474. PoCs published by High-Tech Bridge SA.

AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities in Grafik CMS 1.1.2 by injecting malicious scripts into form fields. The PoC automatically submits forms with payloads that trigger alert popups with cookie data.

Description

Grafik CMS - '/admin.php' SQL Injection / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by High-Tech Bridge SA · htmlwebappsphp

https://www.exploit-db.com/exploits/34222

View Code ZIP pw:eip

This exploit demonstrates multiple XSS vulnerabilities in Grafik CMS 1.1.2 by injecting malicious scripts into form fields. The PoC automatically submits forms with payloads that trigger alert popups with cookie data.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Grafik CMS 1.1.2

Auth required

Prerequisites: Access to admin interface · Valid session or authentication

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026