EIP-2026-109247

PRE-CVE

MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109247. PoCs published by Dcrab.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in MagicScripts E-Store Kit-2 PayPal Edition. By manipulating the 'main' and 'menu' parameters in the URL, an attacker can include and execute arbitrary remote PHP scripts in the context of the web server.

Description

MagicScripts E-Store Kit-2 PayPal Edition - Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dcrab · textwebappsphp

https://www.exploit-db.com/exploits/25286

View Code ZIP pw:eip

The exploit demonstrates a remote file inclusion vulnerability in MagicScripts E-Store Kit-2 PayPal Edition. By manipulating the 'main' and 'menu' parameters in the URL, an attacker can include and execute arbitrary remote PHP scripts in the context of the web server.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MagicScripts E-Store Kit-2 PayPal Edition

No auth needed

Prerequisites: Remote PHP script hosted on an attacker-controlled server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026