EIP-2026-107729

PRE-CVE

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107729. PoCs published by Devansh Bordia.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in ICEHRM 31.0.0.OS, allowing an attacker to delete arbitrary user accounts by tricking a victim into submitting a crafted HTML form. The PoC includes a functional HTML form that sends a POST request to delete a user without requiring a CSRF token.

Description

ICEHRM 31.0.0.0S - Cross-site Request Forgery (CSRF) to Account Deletion

Exploits (1)

exploitdb WORKING POC
by Devansh Bordia · text · webapps · php
https://www.exploit-db.com/exploits/50855

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ICEHRM 31.0.0.OS
No auth needed
Prerequisites: Victim must be authenticated in the same browser session · Attacker must know the target user ID
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026