EIP-2026-111644

PRE-CVE

QuickCart 3.x - Cross-Site Scripting / Cross-Site Request Forgery / Local File Inclusion / Directory Traversal

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111644. PoCs published by kl3ryk.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in QuickCart, including directory traversal, XSS via cookie manipulation, CSRF for admin actions, and LFI with constraints. It provides clear examples and code snippets for each vulnerability.

Description

QuickCart 3.x - Cross-Site Scripting / Cross-Site Request Forgery / Local File Inclusion / Directory Traversal

Exploits (1)

exploitdb WORKING POC VERIFIED

by kl3ryk · textwebappsphp

https://www.exploit-db.com/exploits/10051

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in QuickCart, including directory traversal, XSS via cookie manipulation, CSRF for admin actions, and LFI with constraints. It provides clear examples and code snippets for each vulnerability.

Classification

Working Poc 90%

Attack Type

Xss | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: QuickCart

No auth needed

Prerequisites: Access to the target application · Knowledge of existing files and actions

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1087 - Account Discovery T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026