EIP-2026-111363

PRE-CVE

PluggedOut CMS 0.4.8 - 'admin.php' Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111363. PoCs published by FalconDeOro.

AI-analyzed exploit summary The provided text describes XSS and SQL injection vulnerabilities in PluggedOut CMS, with example URLs demonstrating potential attack vectors. No actual exploit code is present.

Description

PluggedOut CMS 0.4.8 - 'admin.php' Cross-Site Scripting

Exploits (1)

exploitdb WRITEUP VERIFIED

by FalconDeOro · textwebappsphp

https://www.exploit-db.com/exploits/26054

View Code ZIP pw:eip

The provided text describes XSS and SQL injection vulnerabilities in PluggedOut CMS, with example URLs demonstrating potential attack vectors. No actual exploit code is present.

Classification

Writeup 90%

Attack Type

Xss | Sqli

Complexity

Trivial

Reliability

Theoretical

Target: PluggedOut CMS (version unspecified)

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK

T1059.007 - JavaScript T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026