EIP-2026-110918

PRE-CVE

phpads 2.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110918. PoCs published by Danny Moules.

AI-analyzed exploit summary This advisory describes a stored XSS vulnerability in PHPAds 2.0 due to insufficient input validation in the Ad Name field. The exploit allows arbitrary JavaScript execution when the crafted ad is viewed by users.

Description

phpads 2.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Danny Moules · textwebappsphp

https://www.exploit-db.com/exploits/7832

View Code ZIP pw:eip

This advisory describes a stored XSS vulnerability in PHPAds 2.0 due to insufficient input validation in the Ad Name field. The exploit allows arbitrary JavaScript execution when the crafted ad is viewed by users.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: PHPAds 2.0

Auth required

Prerequisites: Access to the ad creation/editing interface

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026