EIP-2026-107922

PRE-CVE

Invision Power Board (IP.Board) < 1.3.1 - Design Error

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107922. PoCs published by GulfTech Security.

AI-analyzed exploit summary This is a writeup describing an IP spoofing vulnerability in IP.Board due to improper handling of the X_FORWARDED_FOR HTTP header. The vulnerability allows users to spoof their IP address, potentially bypassing IP-based security measures.

Description

Invision Power Board (IP.Board) < 1.3.1 - Design Error

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsphp

https://www.exploit-db.com/exploits/43813

View Code ZIP pw:eip

This is a writeup describing an IP spoofing vulnerability in IP.Board due to improper handling of the X_FORWARDED_FOR HTTP header. The vulnerability allows users to spoof their IP address, potentially bypassing IP-based security measures.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Invision Power Board (IP.Board) <= 1.3.1

No auth needed

Prerequisites: Ability to send HTTP requests with custom headers

MITRE ATT&CK

T1036 - Masquerading

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026