EIP-2026-105983
PRE-CVECMS Made Simple 1.8 - 'default_cms_lang' Local File Inclusion
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105983. PoCs published by John Leitch.
AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in CMS Made Simple 1.8 by manipulating the 'default_cms_lang' parameter to traverse directories and include arbitrary files. The PoC sends a crafted POST request to '/admin/addbookmark.php' with a payload designed to access 'windows/win.ini'.
Description
CMS Made Simple 1.8 - 'default_cms_lang' Local File Inclusion
Exploits (1)
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in CMS Made Simple 1.8 by manipulating the 'default_cms_lang' parameter to traverse directories and include arbitrary files. The PoC sends a crafted POST request to '/admin/addbookmark.php' with a payload designed to access 'windows/win.ini'.