EIP-2026-105160

PRE-CVE

AMember Pro 2.3.4 - Remote File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105160. PoCs published by NewAngels Team.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in aMember Pro 2.3.4, where unsanitized input allows an attacker to include and execute arbitrary remote PHP files. The example demonstrates how an attacker could exploit this by setting the 'config[root_dir]' parameter to a malicious URL.

Description

AMember Pro 2.3.4 - Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED
by NewAngels Team · textwebappsphp
https://www.exploit-db.com/exploits/26237

The provided text describes a remote file inclusion vulnerability in aMember Pro 2.3.4, where unsanitized input allows an attacker to include and execute arbitrary remote PHP files. The example demonstrates how an attacker could exploit this by setting the 'config[root_dir]' parameter to a malicious URL.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: aMember Pro 2.3.4
No auth needed
Prerequisites: Access to the vulnerable parameter in the target application · Ability to host a malicious PHP file on an attacker-controlled server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026