Exploitation Summary
EIP tracks 1 public exploit for CVE-2026-22356. PoCs published by xxconi.
AI-analyzed exploit summary The repository provides a technical analysis of CVE-2026-22356, detailing a path traversal vulnerability in Jetpack CRM leading to RCE via log poisoning. It includes a code snippet demonstrating the vulnerability and explains the patch applied in version 6.7.1.
Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0.
Exploits (1)
The repository provides a technical analysis of CVE-2026-22356, detailing a path traversal vulnerability in Jetpack CRM leading to RCE via log poisoning. It includes a code snippet demonstrating the vulnerability and explains the patch applied in version 6.7.1.
References (1)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H