EIP-2026-107914

PRE-CVE

Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107914. PoCs published by DarkFig.

AI-analyzed exploit summary This PHP script exploits a session hijacking vulnerability in Invision Power Board (IPB) by brute-forcing session IDs, bypassing IP/User-Agent filters, and executing arbitrary code via admin sessions. It includes functionality for SQL password brute-forcing and user password cracking.

Description

Invision Power Board (IP.Board) 2.3.5 - Multiple Vulnerabilities (2)

Exploits (1)

exploitdb WORKING POC VERIFIED

by DarkFig · phpwebappsphp

https://www.exploit-db.com/exploits/6325

View Code ZIP pw:eip

This PHP script exploits a session hijacking vulnerability in Invision Power Board (IPB) by brute-forcing session IDs, bypassing IP/User-Agent filters, and executing arbitrary code via admin sessions. It includes functionality for SQL password brute-forcing and user password cracking.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Invision Power Board (IPB)

No auth needed

Prerequisites: Access to the target IPB instance · Valid session IDs or credentials for brute-forcing

MITRE ATT&CK

T1110 - Brute Force T1557 - Adversary-in-the-Middle T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026