EIP-2026-100093

PRE-CVE

Active Bulletin Board 1.1b2 - Remote User Pass Change

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100093. PoCs published by ajann.

AI-analyzed exploit summary This exploit targets Active Bulletin Board v1.1 beta2 by submitting a crafted POST request to doprofiledit.asp, allowing an attacker to change the password of any user by manipulating hidden form fields (Id and Nom). The exploit leverages insufficient authentication checks to modify user credentials.

Description

Active Bulletin Board 1.1b2 - Remote User Pass Change

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · htmlwebappsasp

https://www.exploit-db.com/exploits/2592

View Code ZIP pw:eip

This exploit targets Active Bulletin Board v1.1 beta2 by submitting a crafted POST request to doprofiledit.asp, allowing an attacker to change the password of any user by manipulating hidden form fields (Id and Nom). The exploit leverages insufficient authentication checks to modify user credentials.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Active Bulletin Board v1.1 beta2

No auth needed

Prerequisites: Access to the target's doprofiledit.asp endpoint · Knowledge of a valid user ID or username

MITRE ATT&CK

T1110.001 - Password Guessing T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026