EIP-2026-105539

PRE-CVE

BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105539. PoCs published by AtT4CKxT3rR0r1ST.

AI-analyzed exploit summary This HTML file demonstrates a CSRF vulnerability in bloofoxCMS 0.5.0, allowing an attacker to add an admin user by tricking an authenticated admin into visiting the page. The form submits automatically via JavaScript, exploiting lack of CSRF protection.

Description

BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)

Exploits (1)

exploitdb WORKING POC VERIFIED

by AtT4CKxT3rR0r1ST · htmlwebappsphp

https://www.exploit-db.com/exploits/39031

View Code ZIP pw:eip

This HTML file demonstrates a CSRF vulnerability in bloofoxCMS 0.5.0, allowing an attacker to add an admin user by tricking an authenticated admin into visiting the page. The form submits automatically via JavaScript, exploiting lack of CSRF protection.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: bloofoxCMS 0.5.0

Auth required

Prerequisites: Victim must be authenticated as an admin · Victim must visit the malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026