EIP-2026-106148

PRE-CVE

ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106148. PoCs published by r0ut3r.

AI-analyzed exploit summary This exploit demonstrates a local file inclusion vulnerability and arbitrary file upload/delete vulnerabilities in ContentNow 1.30. The LFI allows reading sensitive files via path traversal, while the upload functionality can be abused for remote command execution due to improper permissions.

Description

ContentNow 1.30 - Local File Inclusion / Arbitrary File Upload/Delete

Exploits (1)

exploitdb WORKING POC VERIFIED

by r0ut3r · textwebappsphp

https://www.exploit-db.com/exploits/2768

View Code ZIP pw:eip

This exploit demonstrates a local file inclusion vulnerability and arbitrary file upload/delete vulnerabilities in ContentNow 1.30. The LFI allows reading sensitive files via path traversal, while the upload functionality can be abused for remote command execution due to improper permissions.

Classification

Working Poc 90%

Attack Type

Info Leak | Rce

Complexity

Trivial

Reliability

Reliable

Target: ContentNow 1.30

No auth needed

Prerequisites: Target running ContentNow 1.30 · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1205 - Traffic Signaling T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026