EIP-2026-107630

PRE-CVE

Host Directory PRO 2.1.0 - Remote Change Admin Password

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107630. PoCs published by TiGeR-Dz.

AI-analyzed exploit summary This HTML form exploits an authentication bypass vulnerability in Host Directory PRO 2.1.0 by allowing an attacker to change the admin password without prior authentication. The form submits directly to the admin configuration endpoint, demonstrating a critical flaw in access control.

Description

Host Directory PRO 2.1.0 - Remote Change Admin Password

Exploits (1)

exploitdb WORKING POC VERIFIED

by TiGeR-Dz · htmlwebappsphp

https://www.exploit-db.com/exploits/8879

View Code ZIP pw:eip

This HTML form exploits an authentication bypass vulnerability in Host Directory PRO 2.1.0 by allowing an attacker to change the admin password without prior authentication. The form submits directly to the admin configuration endpoint, demonstrating a critical flaw in access control.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Host Directory PRO 2.1.0

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1110.001 - Password Guessing T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026