EIP-2026-111947

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111947. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in ScriptCase, including CSRF-based remote command execution, SQL injection, XSS, and local privilege escalation via insecure file permissions. The PoC includes functional examples for adding system users, executing arbitrary commands, and bypassing authentication.

Description

ScriptCase 8.1.053 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/40791

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in ScriptCase, including CSRF-based remote command execution, SQL injection, XSS, and local privilege escalation via insecure file permissions. The PoC includes functional examples for adding system users, executing arbitrary commands, and bypassing authentication.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Xss | Auth Bypass | Lpe

Complexity

Moderate

Reliability

Reliable

Target: ScriptCase v8.1.053, v8.1.051, v8.1.43.0

Auth required

Prerequisites: Authenticated user session for CSRF attacks · Network access to the target application · Windows environment for RCE examples

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

ScriptCase 8.1.053 - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details