EIP-2026-118758

PRE-CVE

ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-118758. PoCs published by Michael Brooks.

AI-analyzed exploit summary: This exploit demonstrates a cross-site request forgery (XSRF) vulnerability in ManageEngine Firewall Analyzer 5.0.0, allowing arbitrary SQL query execution and administrative account creation via crafted HTML forms. The PoC includes XSS payloads within SQL queries and automated form submission via JavaScript.

Description

ManageEngine Firewall Analyzer 5 - Cross-Site Request Forgery / Cross-Site Scripting

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Michael Brooks · text · remote · windows
https://www.exploit-db.com/exploits/7918

Classification: Working PoC 95%
Attack Type: XSS | Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: ManageEngine Firewall Analyzer 5.0.0 (Build 5000)
No auth needed
Prerequisites: Victim interaction (e.g., visiting a malicious page) · Network access to the target application
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026