EIP-2026-112883

PRE-CVE

Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112883. PoCs published by i2sec.

AI-analyzed exploit summary This advisory describes a broken authentication and session management vulnerability in Ultimate PHP Board 2.2.7, allowing an attacker to delete arbitrary files by manipulating request parameters. The writeup includes technical details such as HTTP request analysis and parameter tampering steps.

Description

Ultimate PHP Board 2.2.7 - Broken Authentication and Session Management

Exploits (1)

exploitdb WRITEUP

by i2sec · textwebappsphp

https://www.exploit-db.com/exploits/17307

View Code ZIP pw:eip

This advisory describes a broken authentication and session management vulnerability in Ultimate PHP Board 2.2.7, allowing an attacker to delete arbitrary files by manipulating request parameters. The writeup includes technical details such as HTTP request analysis and parameter tampering steps.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Ultimate PHP Board 2.2.7

No auth needed

Prerequisites: Access to the target application · Knowledge of file IDs and post IDs

MITRE ATT&CK

T1189 - Drive-by Compromise T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026