EIP-2026-106668

PRE-CVE

e107 CMS 2.1.4 - Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106668. PoCs published by Zhiyang Zeng.

AI-analyzed exploit summary This is a functional CSRF PoC for e107 CMS 2.1.4, demonstrating how an attacker can uninstall plugins via forged requests. The exploit leverages missing CSRF tokens in the plugin management interface.

Description

e107 CMS 2.1.4 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by Zhiyang Zeng · htmlwebappsphp

https://www.exploit-db.com/exploits/41844

View Code ZIP pw:eip

This is a functional CSRF PoC for e107 CMS 2.1.4, demonstrating how an attacker can uninstall plugins via forged requests. The exploit leverages missing CSRF tokens in the plugin management interface.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: e107 CMS 2.1.4

No auth needed

Prerequisites: Victim must be authenticated in the e107 admin panel · Victim must visit the malicious page

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026