EIP-2026-105110

PRE-CVE

Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105110. PoCs published by G0D-F4Th3rG0D-F4Th3r.

AI-analyzed exploit summary This exploit demonstrates a CSRF vulnerability in Allomani & Clips v2.7.0, allowing an attacker to add an admin account via a crafted HTML form. The PoC automates form submission to create a new admin user without victim interaction beyond loading the page.

Description

Allomani Songs & Clips 2.7.0 - Cross-Site Request Forgery (Add Admin)

Exploits (1)

exploitdb WORKING POC
by G0D-F4Th3rG0D-F4Th3r · htmlwebappsphp
https://www.exploit-db.com/exploits/14049

This exploit demonstrates a CSRF vulnerability in Allomani & Clips v2.7.0, allowing an attacker to add an admin account via a crafted HTML form. The PoC automates form submission to create a new admin user without victim interaction beyond loading the page.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Allomani & Clips v2.7.0
No auth needed
Prerequisites: Victim must be authenticated as an admin in the target application · Victim must visit the malicious HTML page
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026