EIP-2026-109612

PRE-CVE

MRCGIGUY The Ticket System 2.0 - Insecure Cookie Handling

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109612. PoCs published by TiGeR-Dz.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in The Ticket System PHP Version 2.0, allowing an attacker to set an admin cookie via JavaScript to bypass authentication.

Description

MRCGIGUY The Ticket System 2.0 - Insecure Cookie Handling

Exploits (1)

exploitdb WORKING POC VERIFIED

by TiGeR-Dz · textwebappsphp

https://www.exploit-db.com/exploits/8687

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in The Ticket System PHP Version 2.0, allowing an attacker to set an admin cookie via JavaScript to bypass authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: The Ticket System PHP Version 2.0

No auth needed

Prerequisites: Victim must execute the provided JavaScript snippet

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026