EIP-2026-107065

PRE-CVE

FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107065. PoCs published by Ahmed Elhady Mohamed.

AI-analyzed exploit summary This exploit demonstrates multiple CSRF vulnerabilities in FCMS 2.7.2, allowing attackers to perform unauthorized actions such as adding news or prayers via crafted HTML forms. The PoC includes auto-submitting forms embedded in iframes to trigger the CSRF attacks.

Description

FCMS CMS 2.7.2 - Multiple Cross-Site Request Forgery Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ahmed Elhady Mohamed · textwebappsphp
https://www.exploit-db.com/exploits/18232

This exploit demonstrates multiple CSRF vulnerabilities in FCMS 2.7.2, allowing attackers to perform unauthorized actions such as adding news or prayers via crafted HTML forms. The PoC includes auto-submitting forms embedded in iframes to trigger the CSRF attacks.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: FCMS 2.7.2 and earlier
No auth needed
Prerequisites: Victim must visit a malicious page hosting the exploit · Target application must be accessible to the victim
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026