EIP-2026-106413

PRE-CVE

Demium CMS 0.2.1b - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106413. PoCs published by Osirys.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Demium CMS 0.2.1 Beta, including SQL injection for authentication bypass, remote SQL injection for data exfiltration and shell creation, local file inclusion for remote command execution, and file disclosure via path traversal. Functional Perl scripts are provided for LFI and RCE exploitation.

Description

Demium CMS 0.2.1b - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · textwebappsphp

https://www.exploit-db.com/exploits/8124

View Code ZIP pw:eip

The exploit demonstrates multiple vulnerabilities in Demium CMS 0.2.1 Beta, including SQL injection for authentication bypass, remote SQL injection for data exfiltration and shell creation, local file inclusion for remote command execution, and file disclosure via path traversal. Functional Perl scripts are provided for LFI and RCE exploitation.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Auth Bypass | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Demium CMS 0.2.1 Beta

No auth needed

Prerequisites: Magic Quotes OFF · Network access to target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026