EIP-2026-109378

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109378. PoCs published by frog.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in mcNews by manipulating the 'skinfile' parameter to access arbitrary files on the server. The PoC URL shows how an attacker can read files outside the intended directory by using '../' sequences.

Description

mcNews 1.x - File Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/21463

View Code ZIP pw:eip

The exploit demonstrates a directory traversal vulnerability in mcNews by manipulating the 'skinfile' parameter to access arbitrary files on the server. The PoC URL shows how an attacker can read files outside the intended directory by using '../' sequences.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: mcNews

No auth needed

Prerequisites: Access to the vulnerable mcNews installation

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 18, 2026 Full analysis →

mcNews 1.x - File Disclosure

Exploitation Summary

Description

Exploits (1)

Details