EIP-2026-109670

PRE-CVE

My Little Forum 2.3.7 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109670. PoCs published by Ashiyane Digital Security Team.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in My Little Forum 2.3.7, including CSRF, stored XSS, and backup disclosure. It provides PoC forms to exploit these vulnerabilities, requiring admin access for some attacks.

Description

My Little Forum 2.3.7 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ashiyane Digital Security Team · textwebappsphp

https://www.exploit-db.com/exploits/40676

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in My Little Forum 2.3.7, including CSRF, stored XSS, and backup disclosure. It provides PoC forms to exploit these vulnerabilities, requiring admin access for some attacks.

Classification

Working Poc 90%

Attack Type

Xss | Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: My Little Forum 2.3.7

Auth required

Prerequisites: Admin access to the forum · Ability to submit forms to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1566.002 - Spearphishing Link T1222 - File and Directory Permissions Modification

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026