EIP-2026-112353
PRE-CVESourceBans 1.4.2 - Arbitrary Change Admin Email
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112353. PoCs published by Mr. Anonymous.
AI-analyzed exploit summary The exploit demonstrates an authentication bypass vulnerability in Sourcebans (PHP) by allowing an attacker to change any admin's email address without verification, enabling password reset and full admin access. The vulnerability lies in the `ChangeEmail` function in `sb-callback.php`, which lacks proper ownership checks.
Description
SourceBans 1.4.2 - Arbitrary Change Admin Email
Exploits (1)
The exploit demonstrates an authentication bypass vulnerability in Sourcebans (PHP) by allowing an attacker to change any admin's email address without verification, enabling password reset and full admin access. The vulnerability lies in the `ChangeEmail` function in `sb-callback.php`, which lacks proper ownership checks.