EIP-2026-107633

PRE-CVE

HostBill - 'cpupdate.php' Authentication Bypass

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107633. PoCs published by localhost.re.

AI-analyzed exploit summary The exploit demonstrates an authentication bypass vulnerability in HostBill by manipulating the 'do', 'filename', 'login_username', and 'password' parameters in a crafted URL. This allows unauthorized access to sensitive information stored in the application.

Description

HostBill - 'cpupdate.php' Authentication Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED
by localhost.re · textwebappsphp
https://www.exploit-db.com/exploits/38628

The exploit demonstrates an authentication bypass vulnerability in HostBill by manipulating the 'do', 'filename', 'login_username', and 'password' parameters in a crafted URL. This allows unauthorized access to sensitive information stored in the application.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: HostBill 4.6.0
No auth needed
Prerequisites: Access to the target HostBill installation
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026