EIP-2026-101568

PRE-CVE

Black Box Kvm Extender 3.4.31307 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-101568. PoCs published by Ferhat Çil.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Black Box KVM Extender 3.4.31307. It allows unauthenticated users to read arbitrary files from the server by manipulating the 'page' parameter in the CGI script.

Description

Black Box Kvm Extender 3.4.31307 - Local File Inclusion

Exploits (1)

exploitdb WORKING POC

by Ferhat Çil · pythonwebappshardware

https://www.exploit-db.com/exploits/50100

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Black Box KVM Extender 3.4.31307. It allows unauthenticated users to read arbitrary files from the server by manipulating the 'page' parameter in the CGI script.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Black Box KVM Extender 3.4.31307

No auth needed

Prerequisites: Network access to the target server · Target running Black Box KVM Extender 3.4.31307

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026