EIP-2026-112712

PRE-CVE

TinyPHP Forum 3.6 - 'makeAdmin' Remote Admin Maker

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112712. PoCs published by SirDarckCat.

AI-analyzed exploit summary This exploit leverages a hidden file upload and form manipulation to elevate an existing user to admin status in TinyPHPForum 3.6. The JavaScript prompts the attacker to input the target path, then submits the crafted form to 'updatepf.php'.

Description

TinyPHP Forum 3.6 - 'makeAdmin' Remote Admin Maker

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirDarckCat · htmlwebappsphp

https://www.exploit-db.com/exploits/2114

View Code ZIP pw:eip

This exploit leverages a hidden file upload and form manipulation to elevate an existing user to admin status in TinyPHPForum 3.6. The JavaScript prompts the attacker to input the target path, then submits the crafted form to 'updatepf.php'.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: TinyPHPForum 3.6

Auth required

Prerequisites: Valid existing username in the forum · Access to the forum's updatepf.php endpoint

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026