EIP-2026-108118

PRE-CVE

Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108118. PoCs published by bi0.

AI-analyzed exploit summary This exploit demonstrates multiple CSRF vulnerabilities in Jobscript4Web 3.5, allowing an attacker to create an admin account or change the admin password via crafted HTML forms. The PoC is straightforward and functional for the described attack vectors.

Description

Jobscript4Web 3.5 - Multiple Cross-Site Request Forgery Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by bi0 · textwebappsphp

https://www.exploit-db.com/exploits/10516

View Code ZIP pw:eip

This exploit demonstrates multiple CSRF vulnerabilities in Jobscript4Web 3.5, allowing an attacker to create an admin account or change the admin password via crafted HTML forms. The PoC is straightforward and functional for the described attack vectors.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Jobscript4Web 3.5

No auth needed

Prerequisites: Victim must visit a malicious webpage while authenticated as an admin

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026