EIP-2026-107093

PRE-CVE

fileNice PHP file browser - Local/Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107093. PoCs published by e.wiZz.

AI-analyzed exploit summary The code describes a local file inclusion (LFI) and remote file inclusion (RFI) vulnerability in FileNice file browser due to insufficient input validation in the 'view' and 'src' parameters. The analysis highlights bypassable security checks and demonstrates how arbitrary files can be accessed or remote shells included.

Description

fileNice PHP file browser - Local/Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED

by e.wiZz · textwebappsphp

https://www.exploit-db.com/exploits/10845

View Code ZIP pw:eip

The code describes a local file inclusion (LFI) and remote file inclusion (RFI) vulnerability in FileNice file browser due to insufficient input validation in the 'view' and 'src' parameters. The analysis highlights bypassable security checks and demonstrates how arbitrary files can be accessed or remote shells included.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: FileNice file browser

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026