EIP-2026-111563

PRE-CVE

psipuss 1.0 - 'editusers.php' Remote Change Admin Password

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111563. PoCs published by Dj7xpl.

AI-analyzed exploit summary This PHP script exploits an SQL injection vulnerability in psipuss version 1.0 by sending a crafted POST request to update user credentials without proper sanitization. The exploit allows an attacker to change the password of any user by manipulating the Uid parameter.

Description

psipuss 1.0 - 'editusers.php' Remote Change Admin Password

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · phpwebappsphp

https://www.exploit-db.com/exploits/3820

View Code ZIP pw:eip

This PHP script exploits an SQL injection vulnerability in psipuss version 1.0 by sending a crafted POST request to update user credentials without proper sanitization. The exploit allows an attacker to change the password of any user by manipulating the Uid parameter.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: psipuss version 1.0

No auth needed

Prerequisites: Network access to the target application · Knowledge of a valid user ID

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026