EIP-2026-106980

PRE-CVE

eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106980. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a local file inclusion vulnerability in eXtreme-fusion 4.02, allowing remote code execution by leveraging improper input sanitization in the 'locale' parameter and file upload functionality. The PoC includes authentication and command execution capabilities.

Description

eXtreme-fusion 4.02 - 'Fusion_Forum_View.php' Local File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/29289

View Code ZIP pw:eip

This exploit targets a local file inclusion vulnerability in eXtreme-fusion 4.02, allowing remote code execution by leveraging improper input sanitization in the 'locale' parameter and file upload functionality. The PoC includes authentication and command execution capabilities.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: eXtreme-fusion 4.02

Auth required

Prerequisites: Valid user credentials · File upload access · Target running vulnerable eXtreme-fusion version

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026