EIP-2026-110247

PRE-CVE

openauto 1.6.3 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110247. PoCs published by Michael Brooks.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in OpenAuto 1.6.3, including XSS, XSRF, Blind SQLi, and Captcha bypass. It provides functional PoC code for each vulnerability, including curl commands and HTML forms.

Description

openauto 1.6.3 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Michael Brooks · textwebappsphp

https://www.exploit-db.com/exploits/15825

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in OpenAuto 1.6.3, including XSS, XSRF, Blind SQLi, and Captcha bypass. It provides functional PoC code for each vulnerability, including curl commands and HTML forms.

Classification

Working Poc 100%

Attack Type

Xss | Sqli | Auth Bypass | Other

Complexity

Moderate

Reliability

Reliable

Target: OpenAuto 1.6.3

Auth required

Prerequisites: Access to the target application · User account for Blind SQLi · Dealer account for editing listings

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026