EIP-2026-107356

PRE-CVE

Gcards 1.13 - 'Addnews.php' Remote File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107356. PoCs published by DeatH VirUs.

AI-analyzed exploit summary The provided text describes a remote file-include vulnerability in gcards version 1.13, where insufficient input sanitization allows arbitrary PHP code execution via the 'languagefile' parameter. The example URL demonstrates the exploit vector but lacks executable code.

Description

Gcards 1.13 - 'Addnews.php' Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED
by DeatH VirUs · textwebappsphp
https://www.exploit-db.com/exploits/28784

The provided text describes a remote file-include vulnerability in gcards version 1.13, where insufficient input sanitization allows arbitrary PHP code execution via the 'languagefile' parameter. The example URL demonstrates the exploit vector but lacks executable code.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: gcards 1.13
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to craft malicious requests
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026