EIP-2026-112523

PRE-CVE

Symphony CMS 2.3 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112523. PoCs published by Wireghoul.

AI-analyzed exploit summary This is a detailed vulnerability writeup for Symphony CMS 2.3, describing multiple vulnerabilities including SQL injection, XSS, authentication bypass, and file upload issues. It provides PoC examples but does not include executable exploit code.

Description

Symphony CMS 2.3 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Wireghoul · textwebappsphp

https://www.exploit-db.com/exploits/22039

View Code ZIP pw:eip

This is a detailed vulnerability writeup for Symphony CMS 2.3, describing multiple vulnerabilities including SQL injection, XSS, authentication bypass, and file upload issues. It provides PoC examples but does not include executable exploit code.

Classification

Writeup 100%

Attack Type

Sqli | Xss | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Symphony CMS 2.3

No auth needed

Prerequisites: Access to the target Symphony CMS instance · PHP error display enabled for path disclosure

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026