EIP-2026-110618

PRE-CVE

PhotoKorn 1.542 - Cross-Site Scripting / Remote File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110618. PoCs published by indoushka.

AI-analyzed exploit summary The exploit demonstrates a cross-site scripting (XSS) and remote file inclusion (RFI) vulnerability in Photokorn 1.542. The XSS payload is injected via the 'lang' parameter in install.php, while the RFI is triggered via the 'lg' parameter in index.php.

Description

PhotoKorn 1.542 - Cross-Site Scripting / Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED
by indoushka · textwebappsphp
https://www.exploit-db.com/exploits/33457

The exploit demonstrates a cross-site scripting (XSS) and remote file inclusion (RFI) vulnerability in Photokorn 1.542. The XSS payload is injected via the 'lang' parameter in install.php, while the RFI is triggered via the 'lg' parameter in index.php.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Photokorn 1.542
No auth needed
Prerequisites: Access to the vulnerable Photokorn installation
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026