EIP-2026-106431

PRE-CVE

DewNewPHPLinks 2.1.0.1 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106431. PoCs published by ITSecTeam.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in DewNewPHPLinks 2.1.0.1. The vulnerability arises from unsanitized user input in the 'lang' parameter, allowing arbitrary file inclusion via null byte termination.

Description

DewNewPHPLinks 2.1.0.1 - Local File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by ITSecTeam · textwebappsphp

https://www.exploit-db.com/exploits/11795

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in DewNewPHPLinks 2.1.0.1. The vulnerability arises from unsanitized user input in the 'lang' parameter, allowing arbitrary file inclusion via null byte termination.

Classification

Working Poc 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: DewNewPHPLinks 2.1.0.1

No auth needed

Prerequisites: Access to the vulnerable endpoints (/docs/add-cats.php or /docs/dbupdate.php)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026