EIP-2026-104804

PRE-CVE

1024 CMS 1.4.4 - Multiple Local/Remote File Inclusions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104804. PoCs published by DSecRG.

AI-analyzed exploit summary This advisory details multiple Remote/Local File Include vulnerabilities in 1024 CMS versions 1.4.3 and 1.4.4 RFC. It provides technical analysis of vulnerable code snippets and example exploit URLs, demonstrating path traversal and arbitrary file inclusion via user-controlled parameters.

Description

1024 CMS 1.4.4 - Multiple Local/Remote File Inclusions

Exploits (1)

exploitdb WRITEUP VERIFIED

by DSecRG · textwebappsphp

https://www.exploit-db.com/exploits/6001

View Code ZIP pw:eip

This advisory details multiple Remote/Local File Include vulnerabilities in 1024 CMS versions 1.4.3 and 1.4.4 RFC. It provides technical analysis of vulnerable code snippets and example exploit URLs, demonstrating path traversal and arbitrary file inclusion via user-controlled parameters.

Classification

Writeup 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: 1024 CMS 1.4.3, 1.4.4 RFC

No auth needed

Prerequisites: Network access to the target application · PHP file inclusion enabled on the server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026