## https://sploitus.com/exploit?id=88A08F33-79A7-5513-8E9B-9334D26C127D
# CVE-2024-26521
CE-Phoenix-v1.0.8.20
Html Injection vulnearbility
# Login Page
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/fdcac5f4-be7a-4c11-9cf7-035dbc44e3d9)
As we can see there is a login page that anyone can understand there is a HTML injection vulnerability are there in this application.
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/2ddaa0eb-fd7f-4351-9710-de0483a48635)
Basically in this application all php save in this location as you can see the image given below!
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/9511197e-674e-40d3-ac6b-c3d093e6a43e)
# HTML Injection codes
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/7b0ecb0c-852c-418b-b442-36dd7221c1d1)
# PoC - Proof of concept image
![image](https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/34c0de44-4085-44d9-8d05-edbcd6fcfb37)
# Payloads
payloads.txt
# PoC Video
https://github.com/hackervegas001/CVE-2024-26521/assets/109858877/a7e8c1a1-a0e6-412a-ab91-da4d3974db77