EIP-2026-107167

PRE-CVE

FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107167. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in FMyLife Clone Script (Pro Edition) 1.1, allowing an attacker to add an administrator account without proper authorization. The PoC provides a simple HTML form that submits a POST request to the admin endpoint to create a new admin user.

Description

FMyLife Clone Script (Pro Edition) 1.1 - Cross-Site Request Forgery (Add Admin)

Exploits (1)

exploitdb WORKING POC

by Ihsan Sencan · htmlwebappsphp

https://www.exploit-db.com/exploits/41007

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in FMyLife Clone Script (Pro Edition) 1.1, allowing an attacker to add an administrator account without proper authorization. The PoC provides a simple HTML form that submits a POST request to the admin endpoint to create a new admin user.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: FMyLife Clone Script (Pro Edition) 1.1

No auth needed

Prerequisites: Access to the target application's admin endpoint

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026