EIP-2026-105020
PRE-CVEAfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105020. PoCs published by Pablo Ribeiro.
AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in AfterLogic WebMail Lite PHP <= 7.0.1, allowing an attacker to reset the admin password by tricking an authenticated admin into visiting a malicious page. The PoC includes an auto-submitting HTML form that changes the admin credentials to '0wned1'.
Description
AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery
Exploits (1)
This exploit demonstrates a CSRF vulnerability in AfterLogic WebMail Lite PHP <= 7.0.1, allowing an attacker to reset the admin password by tricking an authenticated admin into visiting a malicious page. The PoC includes an auto-submitting HTML form that changes the admin credentials to '0wned1'.