EIP-2026-104865

PRE-CVE

6kbbs - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104865. PoCs published by labs insight.

AI-analyzed exploit summary This writeup describes multiple vulnerabilities in 6kbbs V8.0, including CSRF leading to RCE via file writes, information leakage, and XSS due to unsanitized $_SERVER['PHP_SELF'] usage. No functional exploit code is provided.

Description

6kbbs - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by labs insight · textwebappsphp

https://www.exploit-db.com/exploits/17956

View Code ZIP pw:eip

This writeup describes multiple vulnerabilities in 6kbbs V8.0, including CSRF leading to RCE via file writes, information leakage, and XSS due to unsanitized $_SERVER['PHP_SELF'] usage. No functional exploit code is provided.

Classification

Writeup 90%

Attack Type

Rce | Xss | Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: 6KBBS v8.0 build 20101201

Auth required

Prerequisites: Admin access for CSRF-based RCE · Victim interaction for XSS

MITRE ATT&CK

T1134 - Access Token Manipulation T1059 - Command and Scripting Interpreter T1059.004 - Unix Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026