EIP-2026-107532

PRE-CVE

Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107532. PoCs published by Brandon Murphy.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and email change vulnerability in GuppY CMS versions 5.0.9 and 5.00.10. It leverages a flawed token mechanism and form manipulation to log in as any registered user and modify their email.

Description

Guppy CMS 5.0.9/5.00.10 - Authentication Bypass/Change Email

Exploits (1)

exploitdb WORKING POC

by Brandon Murphy · htmlwebappsphp

https://www.exploit-db.com/exploits/36098

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass and email change vulnerability in GuppY CMS versions 5.0.9 and 5.00.10. It leverages a flawed token mechanism and form manipulation to log in as any registered user and modify their email.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: GuppY CMS 5.0.9 & 5.00.10

No auth needed

Prerequisites: Target must have GuppY CMS 5.0.9 or 5.00.10 installed · Attacker must have access to the 'Become a member' page to extract the token

MITRE ATT&CK

T1189 - Drive-by Compromise T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026