EIP-2026-112376

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112376. PoCs published by Lorenzo Hernandez Garcia-Hierro.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Sphera HostingDirector VDS Control Panel by spoofing HTTP referrer data, allowing arbitrary modifications to account configurations. The attack involves sending a crafted HTTP request to disable services or restart VDS instances without proper authentication.

Description

Sphera HostingDirector 1.0/2.0/3.0 - VDS Control Panel Account Configuration Modification

Exploits (1)

exploitdb WORKING POC VERIFIED

by Lorenzo Hernandez Garcia-Hierro · textwebappsphp

https://www.exploit-db.com/exploits/22760

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Sphera HostingDirector VDS Control Panel by spoofing HTTP referrer data, allowing arbitrary modifications to account configurations. The attack involves sending a crafted HTTP request to disable services or restart VDS instances without proper authentication.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Sphera HostingDirector VDS Control Panel

No auth needed

Prerequisites: Network access to the target server · Knowledge of the installation path

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Sphera HostingDirector 1.0/2.0/3.0 - VDS Control Panel Account Configuration Modification

Exploitation Summary

Description

Exploits (1)

Details