EIP-2026-111793

PRE-CVE

RoomPHPlanning 1.6 - 'userform.php' Create Admin User

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111793. PoCs published by Jonathan Salwan.

AI-analyzed exploit summary This Perl script exploits an authentication bypass vulnerability in RoomPHPlanning v1.x by sending a crafted HTTP request to create an admin user with arbitrary credentials. It automates form submission to '/admin/userform.php' with predefined values for 'name', 'login', 'pwd', and 'rank'.

Description

RoomPHPlanning 1.6 - 'userform.php' Create Admin User

Exploits (1)

exploitdb WORKING POC VERIFIED

by Jonathan Salwan · perlwebappsphp

https://www.exploit-db.com/exploits/8198

View Code ZIP pw:eip

This Perl script exploits an authentication bypass vulnerability in RoomPHPlanning v1.x by sending a crafted HTTP request to create an admin user with arbitrary credentials. It automates form submission to '/admin/userform.php' with predefined values for 'name', 'login', 'pwd', and 'rank'.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: RoomPHPlanning v1.x

No auth needed

Prerequisites: Network access to the target application · The '/admin/userform.php' endpoint must be accessible

MITRE ATT&CK

T1110.001 - Password Guessing T1078 - Valid Accounts

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026