EIP-2026-110968

PRE-CVE

phpBB 2.0.x - Authentication Bypass (3)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110968. PoCs published by overdose.

AI-analyzed exploit summary This exploit targets an authentication bypass vulnerability in phpBB 2.0.12 and earlier. It leverages improper input sanitization during authentication to gain unauthorized access, potentially to administrative accounts. The code includes a custom socket-based HTTP client to interact with the vulnerable phpBB instance.

Description

phpBB 2.0.x - Authentication Bypass (3)

Exploits (1)

exploitdb WORKING POC VERIFIED

by overdose · c++webappsphp

https://www.exploit-db.com/exploits/25170

View Code ZIP pw:eip

This exploit targets an authentication bypass vulnerability in phpBB 2.0.12 and earlier. It leverages improper input sanitization during authentication to gain unauthorized access, potentially to administrative accounts. The code includes a custom socket-based HTTP client to interact with the vulnerable phpBB instance.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: phpBB 2.0.12 and earlier

No auth needed

Prerequisites: Network access to the target phpBB instance · Knowledge of a valid username

MITRE ATT&CK

T1110 - Brute Force T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026