EIP-2026-112718

PRE-CVE

Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112718. PoCs published by AmnPardaz.

AI-analyzed exploit summary This document provides a detailed technical analysis of multiple vulnerabilities in Tinypug 0.9.5, including CSRF and Stored XSS, with proof-of-concept exploit code and mitigation strategies.

Description

Tinypug 0.9.5 - Cross-Site Request Forgery (Password Change)

Exploits (1)

exploitdb WRITEUP VERIFIED

by AmnPardaz · textwebappsphp

https://www.exploit-db.com/exploits/11553

View Code ZIP pw:eip

This document provides a detailed technical analysis of multiple vulnerabilities in Tinypug 0.9.5, including CSRF and Stored XSS, with proof-of-concept exploit code and mitigation strategies.

Classification

Writeup 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: Tinypug 0.9.5

Auth required

Prerequisites: Victim must be logged into the target site · Attacker must lure victim to a malicious site

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026