EIP-2026-109454

PRE-CVE

Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109454. PoCs published by Talha Karakumru.

AI-analyzed exploit summary This Metasploit module exploits an authenticated Local File Inclusion (LFI) vulnerability in Microweber CMS v1.2.10 by abusing the backup functionality to upload and download arbitrary files from the filesystem.

Description

Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)

Exploits (1)

exploitdb WORKING POC

by Talha Karakumru · rubywebappsphp

https://www.exploit-db.com/exploits/50786

View Code ZIP pw:eip

This Metasploit module exploits an authenticated Local File Inclusion (LFI) vulnerability in Microweber CMS v1.2.10 by abusing the backup functionality to upload and download arbitrary files from the filesystem.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Microweber CMS v1.2.10

Auth required

Prerequisites: Valid admin credentials · Access to the admin panel · Backup functionality enabled

MITRE ATT&CK

T1005 - Data from Local System T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026