EIP-2026-114403

PRE-CVE

X7CHAT 1.3.6b - Arbitrary Add Admin

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114403. PoCs published by d4rk-h4ck3r.

AI-analyzed exploit summary: This exploit leverages an improper access control vulnerability in X7 Chat 1.3.6b's install.php script, allowing an attacker to bypass installation steps and create an administrator account. The exploit involves manipulating the 'step' parameter to skip validation and directly access the admin account creation step.

Description

X7CHAT 1.3.6b - Arbitrary Add Admin

Exploits (1)

exploitdb WORKING POC VERIFIED
by d4rk-h4ck3r · text · webapps · php
https://www.exploit-db.com/exploits/10931

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: X7 Chat 1.3.6b
No auth needed
Prerequisites: install.php file must be accessible on the target server
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026