EIP-2026-110453
PRE-CVEPandora Fms 3.2.1 - Cross-Site Request Forgery
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110453. PoCs published by mehdi boukazoula.
AI-analyzed exploit summary This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS v3.2.1, allowing an attacker to modify user details (e.g., password, email) by tricking an authenticated administrator into submitting a crafted HTML form.
Description
Pandora Fms 3.2.1 - Cross-Site Request Forgery
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by mehdi boukazoula · htmlwebappsphp
https://www.exploit-db.com/exploits/17524
This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Pandora FMS v3.2.1, allowing an attacker to modify user details (e.g., password, email) by tricking an authenticated administrator into submitting a crafted HTML form.
Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Pandora FMS v3.2.1
Auth required
Prerequisites:
Authenticated administrator session · Victim interaction (e.g., clicking a link)
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026