EIP-2026-110668

PRE-CVE

PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110668. PoCs published by ZoRLu.

AI-analyzed exploit summary This exploit demonstrates multiple XSS vulnerabilities and an authentication bypass in PHP Classifieds 6.20. The PoC includes URLs that trigger XSS via unsanitized input parameters and direct access to admin configuration files without authentication.

Description

PHP Classifieds 6.20 - Multiple Cross-Site Scripting / Authentication Bypass Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZoRLu · textwebappsphp

https://www.exploit-db.com/exploits/31568

View Code ZIP pw:eip

This exploit demonstrates multiple XSS vulnerabilities and an authentication bypass in PHP Classifieds 6.20. The PoC includes URLs that trigger XSS via unsanitized input parameters and direct access to admin configuration files without authentication.

Classification

Working Poc 90%

Attack Type

Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PHP Classifieds 6.20

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026