EIP-2026-100646

PRE-CVE

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100646. PoCs published by Fady Mohammed Osman.

AI-analyzed exploit summary This is a technical writeup detailing multiple vulnerabilities in Checkbox Survey software, including directory traversal, insecure direct object reference, and open redirection. It provides specific exploit paths and vendor communication timeline.

Description

Check Box 2016 Q2 Survey - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Fady Mohammed Osman · textwebappsaspx

https://www.exploit-db.com/exploits/41086

View Code ZIP pw:eip

This is a technical writeup detailing multiple vulnerabilities in Checkbox Survey software, including directory traversal, insecure direct object reference, and open redirection. It provides specific exploit paths and vendor communication timeline.

Classification

Writeup 95%

Attack Type

Info Leak | Auth Bypass | Other

Complexity

Trivial

Reliability

Reliable

Target: Checkbox Survey 2016 Q2/Q4 (fixed in v6.7)

No auth needed

Prerequisites: Network access to vulnerable Checkbox instance

MITRE ATT&CK

T1006 - Direct Volume Access T1202 - Indirect Command Execution T1106 - Native API

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026