EIP-2026-110657

PRE-CVE

PHP Business Directory - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110657. PoCs published by larrycompress.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in PHP Business Directory, including reflected XSS, stored XSS, and CSRF. The PoC provides specific URLs and payloads to trigger these vulnerabilities, with some requiring authentication.

Description

PHP Business Directory - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by larrycompress · textwebappsphp

https://www.exploit-db.com/exploits/40559

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in PHP Business Directory, including reflected XSS, stored XSS, and CSRF. The PoC provides specific URLs and payloads to trigger these vulnerabilities, with some requiring authentication.

Classification

Working Poc 90%

Attack Type

Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PHP Business Directory (version not specified)

Auth required

Prerequisites: Access to the target application · For some exploits, valid user credentials

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026