EIP-2026-107593

PRE-CVE

HIOX Random Ad 1.3 - Arbitrary Add Admin

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107593. PoCs published by Stack.

AI-analyzed exploit summary This exploit allows an attacker to create an arbitrary admin user in HIOX Random Ad 1.3 by overwriting the admin password file. It writes a new username and MD5-hashed password to the target file, effectively bypassing authentication.

Description

HIOX Random Ad 1.3 - Arbitrary Add Admin

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · phpwebappsphp

https://www.exploit-db.com/exploits/6166

View Code ZIP pw:eip

This exploit allows an attacker to create an arbitrary admin user in HIOX Random Ad 1.3 by overwriting the admin password file. It writes a new username and MD5-hashed password to the target file, effectively bypassing authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: HIOX Random Ad 1.3

No auth needed

Prerequisites: Target must have HIOX Random Ad 1.3 installed · File permissions must allow writing to admin/passwo.php

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1552.001 - Credentials In Files

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026