EIP-2026-110788

PRE-CVE

PHP Web Statistik 1.4 - Content Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110788. PoCs published by Francesco Ongaro.

AI-analyzed exploit summary The provided text describes XSS and HTML injection vulnerabilities in PHP Web Statistik due to improper input sanitization. It includes example URLs and curl commands to demonstrate the issues.

Description

PHP Web Statistik 1.4 - Content Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by Francesco Ongaro · textwebappsphp

https://www.exploit-db.com/exploits/26636

View Code ZIP pw:eip

The provided text describes XSS and HTML injection vulnerabilities in PHP Web Statistik due to improper input sanitization. It includes example URLs and curl commands to demonstrate the issues.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: PHP Web Statistik

No auth needed

Prerequisites: Access to the vulnerable application

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026