EIP-2026-106011

PRE-CVE

CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106011. PoCs published by eidelweiss.

AI-analyzed exploit summary The code describes multiple local and remote file inclusion vulnerabilities in CMS Faethon versions up to 2.2.0. It highlights insecure file inclusion practices in PHP scripts, allowing attackers to include arbitrary files via the 'mainpath' parameter.

Description

CmsFaethon 2.2.0 (ultimate.7z) - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by eidelweiss · textwebappsphp

https://www.exploit-db.com/exploits/11894

View Code ZIP pw:eip

The code describes multiple local and remote file inclusion vulnerabilities in CMS Faethon versions up to 2.2.0. It highlights insecure file inclusion practices in PHP scripts, allowing attackers to include arbitrary files via the 'mainpath' parameter.

Classification

Writeup 90%

Attack Type

Lfi | Rfi

Complexity

Trivial

Reliability

Reliable

Target: CMS Faethon (versions 1.12 to 2.2.0)

No auth needed

Prerequisites: Network access to the target application · Ability to manipulate the 'mainpath' parameter in HTTP requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1200 - Hardware Additions

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026