EIP-2026-104960

PRE-CVE

AdminLog 0.5 - 'valid_login' Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104960. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in AdminLog 0.5 by manipulating the 'valid_login' and 'loggedInUser' parameters when 'register_globals' is enabled in PHP. The PoC provides a direct URL to bypass login restrictions.

Description

AdminLog 0.5 - 'valid_login' Authentication Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/9075

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in AdminLog 0.5 by manipulating the 'valid_login' and 'loggedInUser' parameters when 'register_globals' is enabled in PHP. The PoC provides a direct URL to bypass login restrictions.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: AdminLog 0.5

No auth needed

Prerequisites: register_globals = ON in PHP configuration · knowledge of a valid username

MITRE ATT&CK

T1110.001 - Password Guessing T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026