EIP-2026-109436

This exploit demonstrates a CSRF vulnerability in Mevin Basic PHP Events Lister v2.03, allowing an attacker to add or delete admin users via crafted HTML forms. The PoC includes two forms: one for adding an admin with predefined credentials and another for deleting an admin by ID.