Exploit for CVE-2024-26521

Name: Exploit for CVE-2024-26521
Rating: 5 (162 reviews)
2024-02-16 | CVSS 4.8
## https://sploitus.com/exploit?id=88A08F33-79A7-5513-8E9B-9334D26C127D
# CVE-2024-26521
CE-Phoenix-v1.0.8.20
Html Injection vulnearbility

# Login Page
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/fdcac5f4-be7a-4c11-9cf7-035dbc44e3d9)

As we can see there is a login page that anyone can understand there is a HTML injection vulnerability are there in this application.

![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/2ddaa0eb-fd7f-4351-9710-de0483a48635)

Basically in this application all php save in this location as you can see the image given below!

![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/9511197e-674e-40d3-ac6b-c3d093e6a43e)

# HTML Injection codes
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/7b0ecb0c-852c-418b-b442-36dd7221c1d1)

# PoC - Proof of concept image 
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/34c0de44-4085-44d9-8d05-edbcd6fcfb37)

# Payloads
payloads.txt

# PoC Video

https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/a7e8c1a1-a0e6-412a-ab91-da4d3974db77