EIP-2026-105428

PRE-CVE

bcoos 1.0.13 - 'common.php' Remote File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105428. PoCs published by Cru3l.b0y.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in the 'bcoos' program version 1.0.13, where improper input sanitization allows an attacker to include and execute arbitrary remote PHP code. The example URL demonstrates how an attacker could exploit this vulnerability by manipulating the 'XOOPS_ROOT_PATH' parameter.

Description

bcoos 1.0.13 - 'common.php' Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED
by Cru3l.b0y · textwebappsphp
https://www.exploit-db.com/exploits/32532

The provided text describes a remote file inclusion vulnerability in the 'bcoos' program version 1.0.13, where improper input sanitization allows an attacker to include and execute arbitrary remote PHP code. The example URL demonstrates how an attacker could exploit this vulnerability by manipulating the 'XOOPS_ROOT_PATH' parameter.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: bcoos 1.0.13
No auth needed
Prerequisites: Network access to the target application · Ability to host a malicious PHP file on a remote server
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026