EIP-2026-110951

PRE-CVE

phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110951. PoCs published by Sjaak Rake.

AI-analyzed exploit summary This PHP script captures and logs HTTP cookies, IP addresses, timestamps, and referrer information from visitors. It demonstrates an information leakage vulnerability by exfiltrating sensitive session data to a local file.

Description

phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)

Exploits (1)

exploitdb WORKING POC VERIFIED
by Sjaak Rake · textwebappsphp
https://www.exploit-db.com/exploits/1103

This PHP script captures and logs HTTP cookies, IP addresses, timestamps, and referrer information from visitors. It demonstrates an information leakage vulnerability by exfiltrating sensitive session data to a local file.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Generic PHP web applications
No auth needed
Prerequisites: Web server with PHP support · Ability to upload or modify PHP files
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026