EIP-2026-113216

PRE-CVE

Web Directory PRO - 'Admins.php' Change Admin Password

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113216. PoCs published by TiGeR-Dz.

AI-analyzed exploit summary This HTML form exploits an authentication bypass vulnerability in Web Directory PRO by submitting a crafted POST request to modify admin credentials without proper authorization. The exploit allows an attacker to change the password of an existing admin account (e.g., 'tiger.dz') by leveraging insecure direct object references.

Description

Web Directory PRO - 'Admins.php' Change Admin Password

Exploits (1)

exploitdb WORKING POC VERIFIED

by TiGeR-Dz · htmlwebappsphp

https://www.exploit-db.com/exploits/8876

View Code ZIP pw:eip

This HTML form exploits an authentication bypass vulnerability in Web Directory PRO by submitting a crafted POST request to modify admin credentials without proper authorization. The exploit allows an attacker to change the password of an existing admin account (e.g., 'tiger.dz') by leveraging insecure direct object references.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Web Directory PRO (version unspecified)

No auth needed

Prerequisites: Access to the target admin panel URL · Knowledge of an existing admin username

MITRE ATT&CK

T1189 - Drive-by Compromise T1078 - Valid Accounts

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026