EIP-2026-110332

PRE-CVE

OpenX Ad Server 2.8.7 - Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110332. PoCs published by Narendra Shinde.

AI-analyzed exploit summary This is a proof-of-concept for a CSRF vulnerability in OpenX Ad Server 2.8.7, allowing attackers to force authenticated administrators to perform unintended actions like deleting advertisers or unlinking users via crafted URLs.

Description

OpenX Ad Server 2.8.7 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by Narendra Shinde · textwebappsphp

https://www.exploit-db.com/exploits/17571

View Code ZIP pw:eip

This is a proof-of-concept for a CSRF vulnerability in OpenX Ad Server 2.8.7, allowing attackers to force authenticated administrators to perform unintended actions like deleting advertisers or unlinking users via crafted URLs.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: OpenX Ad Server 2.8.7

Auth required

Prerequisites: Authenticated admin session · Victim interaction (clicking a malicious link)

MITRE ATT&CK

T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026