EIP-2026-109276

PRE-CVE

Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109276. PoCs published by h4ntu.

AI-analyzed exploit summary This is a vulnerability writeup describing remote file inclusion vulnerabilities in phpBB for Mambo due to improper input sanitization. It allows arbitrary remote file inclusion and execution of malicious PHP code.

Description

Mambo Componen phpBB 1.2.4 - Multiple Remote File Inclusions

Exploits (1)

exploitdb WRITEUP VERIFIED

by h4ntu · textwebappsphp

https://www.exploit-db.com/exploits/28199

View Code ZIP pw:eip

This is a vulnerability writeup describing remote file inclusion vulnerabilities in phpBB for Mambo due to improper input sanitization. It allows arbitrary remote file inclusion and execution of malicious PHP code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: phpBB for Mambo versions 1.2.4-RC3 and prior

No auth needed

Prerequisites: Access to the target URL with the vulnerable parameter

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026