EIP-2026-100224

PRE-CVE

Comersus Shopping Cart 6.0 - Remote User Pass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100224. PoCs published by ajann.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Comersus Shopping Cart v6 by allowing an attacker to modify user account details, including email and password, without proper authorization. The PoC provides an HTML form that submits modified user data directly to the vulnerable endpoint.

Description

Comersus Shopping Cart 6.0 - Remote User Pass

Exploits (1)

exploitdb WORKING POC VERIFIED

by ajann · htmlwebappsasp

https://www.exploit-db.com/exploits/7736

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Comersus Shopping Cart v6 by allowing an attacker to modify user account details, including email and password, without proper authorization. The PoC provides an HTML form that submits modified user data directly to the vulnerable endpoint.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Comersus Shopping Cart v6

No auth needed

Prerequisites: Target must be running Comersus Shopping Cart v6 · Attacker must have network access to the target

MITRE ATT&CK

T1134 - Access Token Manipulation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026