EIP-2026-107545

PRE-CVE

H0tturk Panel - 'gizli.php' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107545. PoCs published by U238.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in H0tturk Panel due to improper input sanitization. An attacker can include and execute arbitrary remote PHP code via the 'cfgProgDir' parameter in 'gizli.php'.

Description

H0tturk Panel - 'gizli.php' Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by U238 · textwebappsphp

https://www.exploit-db.com/exploits/32134

View Code ZIP pw:eip

The exploit demonstrates a remote file inclusion vulnerability in H0tturk Panel due to improper input sanitization. An attacker can include and execute arbitrary remote PHP code via the 'cfgProgDir' parameter in 'gizli.php'.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: H0tturk Panel

No auth needed

Prerequisites: Access to the vulnerable 'gizli.php' endpoint · Ability to host a malicious PHP file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026