EIP-2026-114576

PRE-CVE

ZaoCMS - Insecure Cookie Handling

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114576. PoCs published by ThE g0bL!N.

AI-analyzed exploit summary This exploit demonstrates an insecure cookie handling vulnerability in ZaoCMS, allowing an attacker to bypass authentication by setting an admin cookie via JavaScript. The PoC involves manipulating the cookie to gain unauthorized access to the admin panel.

Description

ZaoCMS - Insecure Cookie Handling

Exploits (1)

exploitdb WORKING POC VERIFIED

by ThE g0bL!N · textwebappsphp

https://www.exploit-db.com/exploits/8763

View Code ZIP pw:eip

This exploit demonstrates an insecure cookie handling vulnerability in ZaoCMS, allowing an attacker to bypass authentication by setting an admin cookie via JavaScript. The PoC involves manipulating the cookie to gain unauthorized access to the admin panel.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ZaoCMS

No auth needed

Prerequisites: Access to the login page of the target ZaoCMS instance

MITRE ATT&CK

T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026