EIP-2026-110213

PRE-CVE

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110213. PoCs published by Mr Winst0n.

AI-analyzed exploit summary The exploit demonstrates multiple CSRF vulnerabilities in OOP CMS BLOG 1.0, allowing unauthorized actions such as deleting an admin, updating site metadata, and adding posts. The PoC consists of HTML forms that submit malicious requests when interacted with by an authenticated user.

Description

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by Mr Winst0n · textwebappsphp

https://www.exploit-db.com/exploits/46483

View Code ZIP pw:eip

The exploit demonstrates multiple CSRF vulnerabilities in OOP CMS BLOG 1.0, allowing unauthorized actions such as deleting an admin, updating site metadata, and adding posts. The PoC consists of HTML forms that submit malicious requests when interacted with by an authenticated user.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: OOP CMS BLOG 1.0

Auth required

Prerequisites: Victim must be authenticated as an admin · Victim must be tricked into interacting with the malicious HTML forms

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026