EIP-2026-104878

PRE-CVE

A2CMS - 'index.php' Local File Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104878. PoCs published by St493r.

AI-analyzed exploit summary The exploit demonstrates a local file disclosure vulnerability in A2CMS due to insufficient input validation. By manipulating the 'f' parameter in the URL, an attacker can traverse directories and read arbitrary local files, such as '/etc/passwd'.

Description

A2CMS - 'index.php' Local File Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED
by St493r · textwebappsphp
https://www.exploit-db.com/exploits/36192

The exploit demonstrates a local file disclosure vulnerability in A2CMS due to insufficient input validation. By manipulating the 'f' parameter in the URL, an attacker can traverse directories and read arbitrary local files, such as '/etc/passwd'.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: A2CMS
No auth needed
Prerequisites: Access to the vulnerable A2CMS application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026