EIP-2026-110761

PRE-CVE

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110761. PoCs published by Javier Olmedo.

AI-analyzed exploit summary This exploit demonstrates Cross-Site Request Forgery (CSRF) vulnerabilities in PHP Server Monitor 3.3.1, allowing an attacker to delete users, servers, or logs via crafted URLs or HTML forms. The PoC includes methods to trick victims into executing unintended actions without their consent.

Description

PHP Server Monitor 3.3.1 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by Javier Olmedo · textwebappsphp

https://www.exploit-db.com/exploits/45932

View Code ZIP pw:eip

This exploit demonstrates Cross-Site Request Forgery (CSRF) vulnerabilities in PHP Server Monitor 3.3.1, allowing an attacker to delete users, servers, or logs via crafted URLs or HTML forms. The PoC includes methods to trick victims into executing unintended actions without their consent.

Classification

Working Poc 100%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: PHP Server Monitor 3.3.1 and possibly earlier versions

No auth needed

Prerequisites: Victim must be authenticated and tricked into clicking a malicious link or submitting a form

MITRE ATT&CK

T1566.002 - Spearphishing Link T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026