EIP-2026-112510
PRE-CVESweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112510. PoCs published by Ashiyane Digital Security Team.
AI-analyzed exploit summary This exploit leverages a CSRF vulnerability in SweetRice CMS 1.5.1 to execute arbitrary PHP code by submitting a malicious ad form. The payload is embedded in the ad content and saved as a PHP file, leading to remote code execution.
Description
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ashiyane Digital Security Team · htmlwebappsphp
https://www.exploit-db.com/exploits/40700
This exploit leverages a CSRF vulnerability in SweetRice CMS 1.5.1 to execute arbitrary PHP code by submitting a malicious ad form. The payload is embedded in the ad content and saved as a PHP file, leading to remote code execution.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
SweetRice CMS 1.5.1
No auth needed
Prerequisites:
Target must be running SweetRice CMS 1.5.1 · Attacker must trick an admin into visiting the malicious HTML page
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026