EIP-2026-111319

PRE-CVE

Plague News System 0.7 - 'delete.php' Access Restriction Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111319. PoCs published by Easyex.

AI-analyzed exploit summary The exploit describes an access restriction bypass vulnerability in Plague News System, where the 'delete.php' script lacks proper sanity checks, allowing unauthorized deletion of comments, news, or shouts via crafted HTTP requests.

Description

Plague News System 0.7 - 'delete.php' Access Restriction Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED

by Easyex · textwebappsphp

https://www.exploit-db.com/exploits/25937

View Code ZIP pw:eip

The exploit describes an access restriction bypass vulnerability in Plague News System, where the 'delete.php' script lacks proper sanity checks, allowing unauthorized deletion of comments, news, or shouts via crafted HTTP requests.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Plague News System

No auth needed

Prerequisites: Access to the target application's delete.php endpoint

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026