EIP-2026-113419

PRE-CVE

WHMCS 5.0 - Insecure Cookie Authentication Bypass

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113419. PoCs published by Agd_Scorp.

AI-analyzed exploit summary The provided text describes an authentication-bypass vulnerability in WHMCS versions 5.0 and 5.1, where inadequate verification of user-supplied input for cookie-based authentication allows attackers to gain administrative access. The example URL suggests a potential exploit path but lacks executable code.

Description

WHMCS 5.0 - Insecure Cookie Authentication Bypass

Exploits (1)

exploitdb WRITEUP VERIFIED
by Agd_Scorp · textwebappsphp
https://www.exploit-db.com/exploits/38166

The provided text describes an authentication-bypass vulnerability in WHMCS versions 5.0 and 5.1, where inadequate verification of user-supplied input for cookie-based authentication allows attackers to gain administrative access. The example URL suggests a potential exploit path but lacks executable code.

Classification
Writeup 80%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Theoretical
Target: WHMCS 5.0, 5.1
No auth needed
Prerequisites: Access to the login page · Ability to manipulate cookies or URL parameters
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026