EIP-2026-100127

PRE-CVE

ASPapp Multiple Products - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100127. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a detailed vulnerability writeup describing multiple security issues in ASPapp, including privilege escalation, account hijacking, XSS, code injection, and plaintext password storage. No exploit code is provided, only descriptions of vulnerabilities.

Description

ASPapp Multiple Products - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsasp

https://www.exploit-db.com/exploits/43793

View Code ZIP pw:eip

This is a detailed vulnerability writeup describing multiple security issues in ASPapp, including privilege escalation, account hijacking, XSS, code injection, and plaintext password storage. No exploit code is provided, only descriptions of vulnerabilities.

Classification

Writeup 100%

Attack Type

Auth Bypass | Xss | Info Leak | Other

Complexity

Trivial

Reliability

Theoretical

Target: ASPapp (Multiple Products), IntranetApp, ProjectApp

No auth needed

Prerequisites: Access to registration or profile editing functionality · Ability to submit malicious input in vulnerable fields

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1189 - Drive-by Compromise T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026