EIP-2026-110537

PRE-CVE

PECL Alternative PHP Cache Local 3 - HTML Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110537. PoCs published by Moritz Naumann.

AI-analyzed exploit summary The exploit describes an HTML injection vulnerability in PECL Alternative PHP Cache (APC) due to improper input sanitization. Attackers with local write access can create directories and files with malicious names to trigger XSS when accessed via HTTP.

Description

PECL Alternative PHP Cache Local 3 - HTML Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Moritz Naumann · textwebappsphp

https://www.exploit-db.com/exploits/32676

View Code ZIP pw:eip

The exploit describes an HTML injection vulnerability in PECL Alternative PHP Cache (APC) due to improper input sanitization. Attackers with local write access can create directories and files with malicious names to trigger XSS when accessed via HTTP.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: Alternative PHP Cache (APC) 3.1.1, 3.0.19

No auth needed

Prerequisites: Local write access to the target system (e.g., FTP access in shared hosting)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026