EIP-2026-110951
PRE-CVEphpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110951. PoCs published by Sjaak Rake.
AI-analyzed exploit summary This PHP script captures and logs HTTP cookies, IP addresses, timestamps, and referrer information from visitors. It demonstrates an information leakage vulnerability by exfiltrating sensitive session data to a local file.
Description
phpBB 2.0.16 - Cross-Site Scripting Remote Cookie Disclosure (Cookie Grabber)
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Sjaak Rake · textwebappsphp
https://www.exploit-db.com/exploits/1103
This PHP script captures and logs HTTP cookies, IP addresses, timestamps, and referrer information from visitors. It demonstrates an information leakage vulnerability by exfiltrating sensitive session data to a local file.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Generic PHP web applications
No auth needed
Prerequisites:
Web server with PHP support · Ability to upload or modify PHP files
mistral-large-3 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026