EIP-2026-106009

The exploit demonstrates a CSRF vulnerability in CMScout 2.09 by crafting a malicious form submission to 'admin.php' that modifies user group permissions without proper request origin verification. The PoC includes a hidden form and JavaScript to auto-submit the request, exploiting the lack of anti-CSRF tokens.