EIP-2026-104929

PRE-CVE

Acyhost - 'index.php' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104929. PoCs published by U238.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in Acyhost due to insufficient input sanitization. An attacker can include arbitrary files via the 'sayfa' parameter, potentially leading to remote code execution.

Description

Acyhost - 'index.php' Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by U238 · textwebappsphp

https://www.exploit-db.com/exploits/31401

View Code ZIP pw:eip

The exploit demonstrates a remote file inclusion vulnerability in Acyhost due to insufficient input sanitization. An attacker can include arbitrary files via the 'sayfa' parameter, potentially leading to remote code execution.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Acyhost (version not specified)

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026