EIP-2026-111180

PRE-CVE

phpoutsourcing zorum 3.5 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111180. PoCs published by benjilenoob.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Zorum 3.5, including HTML injection, XSS, SQL injection, and authentication bypass. It includes example URLs demonstrating XSS but lacks executable exploit code.

Description

phpoutsourcing zorum 3.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by benjilenoob · textwebappsphp

https://www.exploit-db.com/exploits/25206

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in Zorum 3.5, including HTML injection, XSS, SQL injection, and authentication bypass. It includes example URLs demonstrating XSS but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss | Sqli | Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Zorum 3.5

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026