EIP-2026-106653

PRE-CVE

e107 0.7.21 full - Remote File Inclusion / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106653. PoCs published by indoushka.

AI-analyzed exploit summary This exploit demonstrates RFI and XSS vulnerabilities in e107 0.7.21. The RFI vectors allow remote file inclusion via manipulated URL parameters, while the XSS vectors exploit user input fields in the user settings page.

Description

e107 0.7.21 full - Remote File Inclusion / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/12818

View Code ZIP pw:eip

This exploit demonstrates RFI and XSS vulnerabilities in e107 0.7.21. The RFI vectors allow remote file inclusion via manipulated URL parameters, while the XSS vectors exploit user input fields in the user settings page.

Classification

Working Poc 90%

Attack Type

Rfi | Xss

Complexity

Trivial

Reliability

Reliable

Target: e107 0.7.21

Auth required

Prerequisites: Target running e107 0.7.21 · Network access to the target · For XSS, user interaction or authentication may be required

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026