EIP-2026-104901

PRE-CVE

ACal 2.2.6 - 'view' Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104901. PoCs published by ICheer_No0M.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in ACal 2.2.6, where insufficient input sanitization allows an attacker to include arbitrary files via the 'view' parameter. The example demonstrates accessing '/etc/passwd' through path traversal.

Description

ACal 2.2.6 - 'view' Local File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED

by ICheer_No0M · textwebappsphp

https://www.exploit-db.com/exploits/38697

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in ACal 2.2.6, where insufficient input sanitization allows an attacker to include arbitrary files via the 'view' parameter. The example demonstrates accessing '/etc/passwd' through path traversal.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ACal 2.2.6

No auth needed

Prerequisites: Access to the vulnerable web application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026