EIP-2026-111165

PRE-CVE

PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111165. PoCs published by TheMirkin.

AI-analyzed exploit summary The exploit demonstrates XSS and local file disclosure vulnerabilities in PHPmyGallery due to unsanitized user input. It includes crafted URLs that trigger XSS via script injection and path traversal to access sensitive files like /etc/passwd.

Description

PHPmyGallery 1.5 - Local File Disclosure / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED
by TheMirkin · textwebappsphp
https://www.exploit-db.com/exploits/38327

The exploit demonstrates XSS and local file disclosure vulnerabilities in PHPmyGallery due to unsanitized user input. It includes crafted URLs that trigger XSS via script injection and path traversal to access sensitive files like /etc/passwd.

Classification
Working Poc 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHPmyGallery 1.51.010 and prior
No auth needed
Prerequisites: Access to the vulnerable PHPmyGallery instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026