EIP-2026-110519

PRE-CVE

PBlang 4.66z - Remote Create Admin

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110519. PoCs published by Hessam-x.

AI-analyzed exploit summary This exploit targets PBlang 4.66z by injecting malicious code into the 'aim' field during user registration and profile update, granting admin privileges. It automates registration, login, and privilege escalation via crafted HTTP POST requests.

Description

PBlang 4.66z - Remote Create Admin

Exploits (1)

exploitdb WORKING POC VERIFIED

by Hessam-x · perlwebappsphp

https://www.exploit-db.com/exploits/3569

View Code ZIP pw:eip

This exploit targets PBlang 4.66z by injecting malicious code into the 'aim' field during user registration and profile update, granting admin privileges. It automates registration, login, and privilege escalation via crafted HTTP POST requests.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: PBlang 4.66z

No auth needed

Prerequisites: Target PBlang 4.66z installation · Network access to the target

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026