EIP-2026-109904

PRE-CVE

New-CMS 1.08 - Multiple Local File Inclusion / HTML Injection Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109904. PoCs published by Alberto Fontanella.

AI-analyzed exploit summary The provided text describes multiple local file-include vulnerabilities and an HTML-Injection vulnerability in New-CMS 1.08. It outlines how an attacker can exploit these vulnerabilities using directory-traversal strings to execute arbitrary scripts and perform HTML injection.

Description

New-CMS 1.08 - Multiple Local File Inclusion / HTML Injection Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED
by Alberto Fontanella · textwebappsphp
https://www.exploit-db.com/exploits/33652

The provided text describes multiple local file-include vulnerabilities and an HTML-Injection vulnerability in New-CMS 1.08. It outlines how an attacker can exploit these vulnerabilities using directory-traversal strings to execute arbitrary scripts and perform HTML injection.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: New-CMS 1.08
No auth needed
Prerequisites: Access to the vulnerable web application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026