EIP-2026-107469

PRE-CVE

GR Board 1.8.6 - 'page.php' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107469. PoCs published by eidelweiss.

AI-analyzed exploit summary The provided text describes a remote file inclusion vulnerability in GR Board version 1.8.6.1, where unsanitized user input in the 'theme' parameter allows an attacker to include remote files. This could lead to remote code execution if the attacker controls the included file.

Description

GR Board 1.8.6 - 'page.php' Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED

by eidelweiss · textwebappsphp

https://www.exploit-db.com/exploits/34054

View Code ZIP pw:eip

The provided text describes a remote file inclusion vulnerability in GR Board version 1.8.6.1, where unsanitized user input in the 'theme' parameter allows an attacker to include remote files. This could lead to remote code execution if the attacker controls the included file.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: GR Board 1.8.6.1

No auth needed

Prerequisites: Access to the vulnerable application · Ability to host a malicious file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026