EIP-2026-109127

PRE-CVE

Light Blog Remote - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109127. PoCs published by BlackHawk.

AI-analyzed exploit summary This exploit targets multiple vulnerabilities in Light Blog, including authentication bypass, arbitrary file deletion, and XSS. It allows an attacker to create posts without authentication, deface the blog via XSS, or delete critical files like blog.php.

Description

Light Blog Remote - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackHawk · phpwebappsphp

https://www.exploit-db.com/exploits/2658

View Code ZIP pw:eip

This exploit targets multiple vulnerabilities in Light Blog, including authentication bypass, arbitrary file deletion, and XSS. It allows an attacker to create posts without authentication, deface the blog via XSS, or delete critical files like blog.php.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Xss | Other

Complexity

Trivial

Reliability

Reliable

Target: Light Blog (version not specified)

No auth needed

Prerequisites: Target server running Light Blog · Network access to the target

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026