EIP-2026-112734

PRE-CVE

Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112734. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates an HTTP Response Splitting vulnerability in Toko Lite CMS 1.5.2 via the 'charSet' parameter in 'edit.php'. The unsanitized input allows arbitrary HTTP headers to be injected into the response.

Description

Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappsphp

https://www.exploit-db.com/exploits/17859

View Code ZIP pw:eip

This exploit demonstrates an HTTP Response Splitting vulnerability in Toko Lite CMS 1.5.2 via the 'charSet' parameter in 'edit.php'. The unsanitized input allows arbitrary HTTP headers to be injected into the response.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Toko Lite CMS 1.5.2

No auth needed

Prerequisites: Access to the 'edit.php' endpoint

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026