EIP-2026-108986
PRE-CVEKemana Directory 1.5.6 - 'task.php' Local File Inclusion
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-108986. PoCs published by LiquidWorm.
AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Kemana Directory 1.5.6 via the 'run' parameter in task.php. The vulnerability allows authenticated attackers to include local files using directory traversal sequences.
Description
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion
Exploits (1)
exploitdb
WORKING POC
by LiquidWorm · textwebappsphp
https://www.exploit-db.com/exploits/32508
This exploit demonstrates a Local File Inclusion (LFI) vulnerability in Kemana Directory 1.5.6 via the 'run' parameter in task.php. The vulnerability allows authenticated attackers to include local files using directory traversal sequences.
Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
Kemana Directory 1.5.6
Auth required
Prerequisites:
Authenticated access to the application · Target running Kemana Directory 1.5.6
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026