EIP-2026-107139

PRE-CVE

Flatpress 0.804 < 0.812.1 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107139. PoCs published by Giuseppe Fuggiano.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in FlatPress versions 0.804-0.812.1, which can be leveraged to achieve Remote Command Execution (RCE). The exploit crafts a malicious comment with PHP shell code, exploits the LFI in the user_get() function, and establishes a remote command session.

Description

Flatpress 0.804 < 0.812.1 - Local File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Giuseppe Fuggiano · textwebappsphp

https://www.exploit-db.com/exploits/9801

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in FlatPress versions 0.804-0.812.1, which can be leveraged to achieve Remote Command Execution (RCE). The exploit crafts a malicious comment with PHP shell code, exploits the LFI in the user_get() function, and establishes a remote command session.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FlatPress 0.804-0.812.1

No auth needed

Prerequisites: Target must be running FlatPress 0.804-0.812.1 · Comment posting functionality must be enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026