EIP-2026-109325

PRE-CVE

MarieCMS 0.9 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109325. PoCs published by Amol Naik.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in MarieCMS v0.9, including Remote File Inclusion (RFI), Local File Inclusion (LFI), Persistent XSS, and Shell Upload. The PoC provides clear steps and URLs to exploit these vulnerabilities.

Description

MarieCMS 0.9 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Amol Naik · textwebappsphp

https://www.exploit-db.com/exploits/10351

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in MarieCMS v0.9, including Remote File Inclusion (RFI), Local File Inclusion (LFI), Persistent XSS, and Shell Upload. The PoC provides clear steps and URLs to exploit these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Rce | Xss | Info Leak

Complexity

Trivial

Reliability

Reliable

Target: MarieCMS v0.9

Auth required

Prerequisites: Access to the target server · Authenticated user for shell upload

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026