EIP-2026-108172

This PHP script exploits a Local File Inclusion (LFI) vulnerability in Joomla 1.5.12 by manipulating the 'tinybrowser_lang' cookie to read arbitrary files on the server. The exploit sends a crafted HTTP request to the vulnerable endpoint, allowing file disclosure or potential remote code execution if combined with log poisoning.