EIP-2026-104860

PRE-CVE

68KB - Multiple Remote File Inclusions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104860. PoCs published by ITSecTeam.

AI-analyzed exploit summary This exploit demonstrates a remote file inclusion vulnerability in 68kb v1.0.0rc2, allowing an attacker to include arbitrary files via the 'file' parameter in two PHP scripts. The vulnerability is trivial to exploit and can lead to remote code execution if combined with file upload capabilities.

Description

68KB - Multiple Remote File Inclusions

Exploits (1)

exploitdb WORKING POC VERIFIED

by ITSecTeam · textwebappsphp

https://www.exploit-db.com/exploits/11904

View Code ZIP pw:eip

This exploit demonstrates a remote file inclusion vulnerability in 68kb v1.0.0rc2, allowing an attacker to include arbitrary files via the 'file' parameter in two PHP scripts. The vulnerability is trivial to exploit and can lead to remote code execution if combined with file upload capabilities.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: 68kb v1.0.0rc2

No auth needed

Prerequisites: Network access to the target application · Ability to host or reference a malicious file

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026