EIP-2026-110945

PRE-CVE

phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110945. PoCs published by PPC.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in phpBB by manipulating the serialized cookie data to escalate privileges to admin. The attacker modifies the 'userid' field in the cookie to match the admin's user ID.

Description

phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)

Exploits (1)

exploitdb WORKING POC VERIFIED

by PPC · textwebappsphp

https://www.exploit-db.com/exploits/858

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in phpBB by manipulating the serialized cookie data to escalate privileges to admin. The attacker modifies the 'userid' field in the cookie to match the admin's user ID.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: phpBB (version not specified)

Auth required

Prerequisites: Valid user account on the target forum · Access to the victim's cookie file

MITRE ATT&CK

T1550.004 - Web Session Cookie

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026