EIP-2026-111110

This exploit demonstrates an HTML injection vulnerability in phpLinks, allowing an attacker to inject malicious HTML/script code via form fields (e.g., Site Title or Site URL). The PoC includes a script that, when executed by an admin reviewing the submission, can delete database entries or add malicious users.