EIP-2026-106369

PRE-CVE

Dazzle Blast - Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106369. PoCs published by NoGe.

AI-analyzed exploit summary The exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Dazzle Blast by manipulating the ROOTDIR parameter in the createemails.php file. This allows an attacker to include and execute arbitrary remote code.

Description

Dazzle Blast - Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by NoGe · textwebappsphp

https://www.exploit-db.com/exploits/10046

View Code ZIP pw:eip

The exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Dazzle Blast by manipulating the ROOTDIR parameter in the createemails.php file. This allows an attacker to include and execute arbitrary remote code.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Dazzle Blast

No auth needed

Prerequisites: Remote file hosting with malicious code · Network access to the target application

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026