EIP-2026-100940

PRE-CVE

YaBB 1.x/9.1.2000 - Administrator Command Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100940. PoCs published by GulfTech Security.

AI-analyzed exploit summary The vulnerability in YaBB allows an attacker to embed malicious administrative commands within an IMG tag. When an administrator views the post, the commands are executed with their privileges due to improper access validation.

Description

YaBB 1.x/9.1.2000 - Administrator Command Execution

Exploits (1)

exploitdb WRITEUP VERIFIED

by GulfTech Security · textwebappscgi

https://www.exploit-db.com/exploits/24611

View Code ZIP pw:eip

The vulnerability in YaBB allows an attacker to embed malicious administrative commands within an IMG tag. When an administrator views the post, the commands are executed with their privileges due to improper access validation.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: YaBB (version not specified)

No auth needed

Prerequisites: Administrator must view the malicious post

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026