EIP-2026-105207

PRE-CVE

appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105207. PoCs published by Yashar shahinzadeh.

AI-analyzed exploit summary The exploit demonstrates a CSRF vulnerability in appRain CMF 3.0.2, allowing unauthorized actions such as deleting admin rows and adding new admin users via crafted HTML forms. The PoC includes functional code to trigger these actions without user interaction.

Description

appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yashar shahinzadeh · textwebappsphp

https://www.exploit-db.com/exploits/38744

View Code ZIP pw:eip

The exploit demonstrates a CSRF vulnerability in appRain CMF 3.0.2, allowing unauthorized actions such as deleting admin rows and adding new admin users via crafted HTML forms. The PoC includes functional code to trigger these actions without user interaction.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: appRain CMF 3.0.2

No auth needed

Prerequisites: Victim must visit a malicious page or open a crafted HTML file

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026