EIP-2026-106717

PRE-CVE

EasyITSP - 'customers_edit.php' Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106717. PoCs published by Michal Blaszczak.

AI-analyzed exploit summary This exploit bypasses authentication in EasyITSP 2.0.2 by manipulating cookies and iterating through customer IDs to extract sensitive information such as usernames, passwords, and credit card details.

Description

EasyITSP - 'customers_edit.php' Authentication Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by Michal Blaszczak · phpwebappsphp

https://www.exploit-db.com/exploits/37983

View Code ZIP pw:eip

This exploit bypasses authentication in EasyITSP 2.0.2 by manipulating cookies and iterating through customer IDs to extract sensitive information such as usernames, passwords, and credit card details.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: EasyITSP 2.0.2

No auth needed

Prerequisites: Access to the target URL · Valid range of customer IDs

MITRE ATT&CK

T1189 - Drive-by Compromise T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026