EIP-2026-109776

PRE-CVE

MyPhotos 0.1.3b - 'index.php' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109776. PoCs published by Root3r_H3ll.

AI-analyzed exploit summary The exploit demonstrates a remote file inclusion vulnerability in MyPhotos 0.1.3b beta by manipulating the 'includesdir' parameter in the URL to include arbitrary remote files. This can lead to remote code execution if the attacker hosts malicious PHP code.

Description

MyPhotos 0.1.3b - 'index.php' Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Root3r_H3ll · textwebappsphp

https://www.exploit-db.com/exploits/28658

View Code ZIP pw:eip

The exploit demonstrates a remote file inclusion vulnerability in MyPhotos 0.1.3b beta by manipulating the 'includesdir' parameter in the URL to include arbitrary remote files. This can lead to remote code execution if the attacker hosts malicious PHP code.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MyPhotos 0.1.3b beta

No auth needed

Prerequisites: Target application must be accessible · Remote file inclusion must be enabled on the server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026