EIP-2026-105899

PRE-CVE

ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105899. PoCs published by SirGod.

AI-analyzed exploit summary The exploit demonstrates insecure cookie handling and local file inclusion (LFI) vulnerabilities in ClearBudget v0.6.1. The PoC includes JavaScript for cookie manipulation and URL examples for LFI via null-byte termination.

Description

ClearBudget 0.6.1 - Insecure Cookie Handling / Local File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/7992

View Code ZIP pw:eip

The exploit demonstrates insecure cookie handling and local file inclusion (LFI) vulnerabilities in ClearBudget v0.6.1. The PoC includes JavaScript for cookie manipulation and URL examples for LFI via null-byte termination.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: ClearBudget v0.6.1

No auth needed

Prerequisites: Access to the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026