EIP-2026-114383

PRE-CVE

WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114383. PoCs published by hyp3rlinx.

AI-analyzed exploit summary The exploit demonstrates a CSRF vulnerability in WPN-XM Serverstack for Windows, allowing attackers to modify PHP.INI settings and MySQL credentials via crafted HTML forms. The PoC includes functional code to hijack MySQL default settings and enable dangerous PHP configurations like 'allow_url_include'.

Description

WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery

Exploits (1)

exploitdb WORKING POC

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/39678

View Code ZIP pw:eip

The exploit demonstrates a CSRF vulnerability in WPN-XM Serverstack for Windows, allowing attackers to modify PHP.INI settings and MySQL credentials via crafted HTML forms. The PoC includes functional code to hijack MySQL default settings and enable dangerous PHP configurations like 'allow_url_include'.

Classification

Working Poc 95%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: WPN-XM Serverstack for Windows - Version 0.8.6

Auth required

Prerequisites: Victim must be authenticated in the WPN-XM web interface · Victim must visit a malicious webpage or click a crafted link

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026