EIP-2026-106443

PRE-CVE

Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106443. PoCs published by 10n1z3d.

AI-analyzed exploit summary This exploit demonstrates multiple CSRF vulnerabilities in Diferior CMS 8.03, allowing an attacker to change admin passwords, emails, ban users, or log out users via crafted HTML forms. The PoC is functional and requires no authentication, relying on social engineering to trick victims into visiting malicious pages.

Description

Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by 10n1z3d · htmlwebappsphp

https://www.exploit-db.com/exploits/14353

View Code ZIP pw:eip

This exploit demonstrates multiple CSRF vulnerabilities in Diferior CMS 8.03, allowing an attacker to change admin passwords, emails, ban users, or log out users via crafted HTML forms. The PoC is functional and requires no authentication, relying on social engineering to trick victims into visiting malicious pages.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Diferior CMS 8.03

No auth needed

Prerequisites: Victim must be authenticated in the target application · Victim must visit a malicious page hosting the PoC

MITRE ATT&CK

T1556.002 - Password Filter DLL

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026