EIP-2026-110966

PRE-CVE

phpBB 2.0.x - Authentication Bypass (1)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110966. PoCs published by Paisterist.

AI-analyzed exploit summary This exploit modifies the user ID in the cookies.txt file to bypass authentication in phpBB. It overwrites the cookie data to impersonate another user, including the administrator.

Description

phpBB 2.0.x - Authentication Bypass (1)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Paisterist · cwebappsphp

https://www.exploit-db.com/exploits/25168

View Code ZIP pw:eip

This exploit modifies the user ID in the cookies.txt file to bypass authentication in phpBB. It overwrites the cookie data to impersonate another user, including the administrator.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: phpBB 2.0.12 and earlier

No auth needed

Prerequisites: Access to the victim's cookies.txt file · User must have logged in with autologin disabled

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026