EIP-2026-104337
PRE-CVEMetasploit Project < 4.11.1 - Initial User Creation Cross-Site Request Forgery (Metasploit)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-104337. PoCs published by Mohamed Abdelbaset Elnoby.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Metasploit Project's user creation and settings update functionality. The PoC HTML forms bypass the 'authenticity_token' validation, allowing an attacker to create a new user or modify existing user settings without proper authorization.
Description
Metasploit Project < 4.11.1 - Initial User Creation Cross-Site Request Forgery (Metasploit)
Exploits (1)
This exploit demonstrates a CSRF vulnerability in Metasploit Project's user creation and settings update functionality. The PoC HTML forms bypass the 'authenticity_token' validation, allowing an attacker to create a new user or modify existing user settings without proper authorization.