EIP-2026-104855

PRE-CVE

4x CMS r26 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104855. PoCs published by cr4wl3r.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and SQL injection vulnerability in 4x CMS versions up to r26. The PoC provides credentials that exploit SQL injection to bypass authentication.

Description

4x CMS r26 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by cr4wl3r · textwebappsphp

https://www.exploit-db.com/exploits/11833

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass and SQL injection vulnerability in 4x CMS versions up to r26. The PoC provides credentials that exploit SQL injection to bypass authentication.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: 4x CMS <= r26

No auth needed

Prerequisites: Access to the login page of the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026