EIP-2026-112267

PRE-CVE

sNews CMS 1.7.1 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112267. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates a persistent RCE vulnerability in sNews CMS v1.7.1 via CSRF, allowing arbitrary command execution through crafted article submissions. It also includes CSRF for account hijacking and arbitrary file deletion, along with persistent XSS.

Description

sNews CMS 1.7.1 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/39976

View Code ZIP pw:eip

The exploit demonstrates a persistent RCE vulnerability in sNews CMS v1.7.1 via CSRF, allowing arbitrary command execution through crafted article submissions. It also includes CSRF for account hijacking and arbitrary file deletion, along with persistent XSS.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: sNews CMS v1.7.1

Auth required

Prerequisites: Authenticated user session · Victim interaction (e.g., visiting a malicious page)

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026