EIP-2026-111294

PRE-CVE

Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111294. PoCs published by sajith.

AI-analyzed exploit summary: The exploit demonstrates stored XSS and CSRF vulnerabilities in Piwigo 2.5.3 CMS. The XSS payloads are executed in album names and group names, while the CSRF PoC automates user creation via a malicious form submission.

Description

Piwigo CMS 2.5.3 - Multiple Web Vulnerabilities

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by sajith · text · webapps · php
https://www.exploit-db.com/exploits/30310

Classification: Working PoC 90%
Attack Type: XSS | CSRF
Complexity: Trivial
Reliability: Reliable
Target: Piwigo 2.5.3
Auth required
Prerequisites: Admin access to the Piwigo CMS · Victim interaction for XSS · Victim session for CSRF
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026