EIP-2026-107931

PRE-CVE

Invision Power Board 2.1.7 - 'Debug' Remote Password Change

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107931. PoCs published by Rapigator.

AI-analyzed exploit summary This PHP script exploits a password change vulnerability in Invision Power Board (2.0.0 to 2.1.7) when debug mode is enabled. It automates the process of changing an existing user's password by leveraging debug output to extract registration IDs and codes.

Description

Invision Power Board 2.1.7 - 'Debug' Remote Password Change

Exploits (1)

exploitdb WORKING POC VERIFIED

by Rapigator · phpwebappsphp

https://www.exploit-db.com/exploits/2696

View Code ZIP pw:eip

This PHP script exploits a password change vulnerability in Invision Power Board (2.0.0 to 2.1.7) when debug mode is enabled. It automates the process of changing an existing user's password by leveraging debug output to extract registration IDs and codes.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Invision Power Board 2.0.0 to 2.1.7

No auth needed

Prerequisites: Debug Level set to 3 or SQL Debug Mode enabled in General Configuration

MITRE ATT&CK

T1110 - Brute Force T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026