EIP-2026-107009

PRE-CVE

ezCourses - 'admin.asp' Security Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107009. PoCs published by J.O.

AI-analyzed exploit summary The exploit describes an authentication bypass vulnerability in ezCourses due to improper input validation. Attackers can manipulate the 'AdminID' and 'Master' parameters to add or change the admin account password without proper authorization.

Description

ezCourses - 'admin.asp' Security Bypass

Exploits (1)

exploitdb WRITEUP

by J.O · textwebappsphp

https://www.exploit-db.com/exploits/36197

View Code ZIP pw:eip

The exploit describes an authentication bypass vulnerability in ezCourses due to improper input validation. Attackers can manipulate the 'AdminID' and 'Master' parameters to add or change the admin account password without proper authorization.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ezCourses (version unspecified)

No auth needed

Prerequisites: Access to the target application's admin interface

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026