EIP-2026-107927

PRE-CVE

Invision Power Board 1.x?/2.x/3.x - Admin Takeover

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107927. PoCs published by John JEAN.

AI-analyzed exploit summary This is a detailed technical analysis of a logical vulnerability in Invision Power Board (IPB) that allows an attacker to take over an admin account by exploiting improper email address sanitization and MySQL truncation behavior. The writeup includes root cause analysis, affected functions, and exploitation steps.

Description

Invision Power Board 1.x?/2.x/3.x - Admin Takeover

Exploits (1)

exploitdb WRITEUP VERIFIED
by John JEAN · textwebappsphp
https://www.exploit-db.com/exploits/25441

This is a detailed technical analysis of a logical vulnerability in Invision Power Board (IPB) that allows an attacker to take over an admin account by exploiting improper email address sanitization and MySQL truncation behavior. The writeup includes root cause analysis, affected functions, and exploitation steps.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target: Invision Power Board <= 3.4.4
No auth needed
Prerequisites: Administrator's email address · Administrator's login name
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026