EIP-2026-108027

PRE-CVE

iziContents RC6 - Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-108027. PoCs published by Kacper.

AI-analyzed exploit summary This exploit targets a vulnerability in iziContents RC6 where the `GLOBALS[modules_home]` parameter can be manipulated to include arbitrary files, leading to remote code execution. It attempts to inject commands into log files and trigger their execution via the vulnerable script.

Description

iziContents RC6 - Remote Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kacper · phpwebappsphp

https://www.exploit-db.com/exploits/2261

View Code ZIP pw:eip

This exploit targets a vulnerability in iziContents RC6 where the `GLOBALS[modules_home]` parameter can be manipulated to include arbitrary files, leading to remote code execution. It attempts to inject commands into log files and trigger their execution via the vulnerable script.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: iziContents RC6

No auth needed

Prerequisites: register_globals=On · access to vulnerable iziContents installation · writable log files

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1200 - Hardware Additions T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026