EIP-2026-109032

PRE-CVE

Koch Roland Rolis Guestbook 1.0 - '$path' Remote File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109032. PoCs published by RusH security team.

AI-analyzed exploit summary The entry describes a file inclusion vulnerability in Rolis Guestbook 1.0, where an attacker can manipulate the 'path' parameter in 'insert.inc.php' to include and execute arbitrary remote files. The vulnerability is due to insufficient input validation, allowing remote code execution.

Description

Koch Roland Rolis Guestbook 1.0 - '$path' Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED
by RusH security team · textwebappsphp
https://www.exploit-db.com/exploits/23384

The entry describes a file inclusion vulnerability in Rolis Guestbook 1.0, where an attacker can manipulate the 'path' parameter in 'insert.inc.php' to include and execute arbitrary remote files. The vulnerability is due to insufficient input validation, allowing remote code execution.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Rolis Guestbook 1.0
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to host a malicious file on a remote server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026