EIP-2026-112353

PRE-CVE

SourceBans 1.4.2 - Arbitrary Change Admin Email

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112353. PoCs published by Mr. Anonymous.

AI-analyzed exploit summary The exploit demonstrates an authentication bypass vulnerability in Sourcebans (PHP) by allowing an attacker to change any admin's email address without verification, enabling password reset and full admin access. The vulnerability lies in the `ChangeEmail` function in `sb-callback.php`, which lacks proper ownership checks.

Description

SourceBans 1.4.2 - Arbitrary Change Admin Email

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mr. Anonymous · textwebappsphp
https://www.exploit-db.com/exploits/8998

The exploit demonstrates an authentication bypass vulnerability in Sourcebans (PHP) by allowing an attacker to change any admin's email address without verification, enabling password reset and full admin access. The vulnerability lies in the `ChangeEmail` function in `sb-callback.php`, which lacks proper ownership checks.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Sourcebans <= 1.4.2
No auth needed
Prerequisites: Access to the target application's interface or API
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026