EIP-2026-111074

PRE-CVE

PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111074. PoCs published by Eyup CELIK.

AI-analyzed exploit summary This exploit demonstrates a cross-site scripting (XSS) vulnerability in phAlbum 1.5.1 due to insufficient input sanitization. The provided URL contains a malicious payload that executes arbitrary JavaScript when a user interacts with the affected page.

Description

PHPhq.Net phAlbum 1.5.1 - 'index.php' Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Eyup CELIK · textwebappsphp

https://www.exploit-db.com/exploits/37307

View Code ZIP pw:eip

This exploit demonstrates a cross-site scripting (XSS) vulnerability in phAlbum 1.5.1 due to insufficient input sanitization. The provided URL contains a malicious payload that executes arbitrary JavaScript when a user interacts with the affected page.

Classification

Working Poc 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: phAlbum 1.5.1

No auth needed

Prerequisites: A vulnerable version of phAlbum · User interaction (e.g., hovering over a link)

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026