Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-111008. PoCs published by Cyrille Barthelemy.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in phpCMS versions prior to 1.2.1pl1. The issue arises due to insufficient input sanitization when 'STEALTH' or 'STEALTH_SECURE' modes are disabled, allowing attackers to inject malicious scripts via the 'file' parameter in the parser.php endpoint.
Description
phpCMS 1.1/1.2 - Cross-Site Scripting
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in phpCMS versions prior to 1.2.1pl1. The issue arises due to insufficient input sanitization when 'STEALTH' or 'STEALTH_SECURE' modes are disabled, allowing attackers to inject malicious scripts via the 'file' parameter in the parser.php endpoint.