EIP-2026-106076

PRE-CVE

Comment IT 0.2 - 'PathToComment' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106076. PoCs published by Cold Zero.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in Comment IT 0.2 by manipulating the 'PathToComment' parameter in two PHP files, allowing an attacker to include and execute arbitrary remote files.

Description

Comment IT 0.2 - 'PathToComment' Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Cold Zero · textwebappsphp

https://www.exploit-db.com/exploits/28861

View Code ZIP pw:eip

The exploit demonstrates a remote file inclusion vulnerability in Comment IT 0.2 by manipulating the 'PathToComment' parameter in two PHP files, allowing an attacker to include and execute arbitrary remote files.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Comment IT 0.2

No auth needed

Prerequisites: Access to the target web application · Ability to host a malicious file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026