EIP-2026-109992

PRE-CVE

Nuked-klaN SP4 - Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109992. PoCs published by indoushka.

AI-analyzed exploit summary The exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Nuked-Klan SP4 by providing three URLs where the 'mod', 'module', or 'modul' parameters can be manipulated to include malicious remote files. The vulnerability allows an attacker to execute arbitrary code by injecting a remote script.

Description

Nuked-klaN SP4 - Remote File Inclusion

Exploits (1)

exploitdb WORKING POC

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/10712

View Code ZIP pw:eip

The exploit demonstrates a Remote File Inclusion (RFI) vulnerability in Nuked-Klan SP4 by providing three URLs where the 'mod', 'module', or 'modul' parameters can be manipulated to include malicious remote files. The vulnerability allows an attacker to execute arbitrary code by injecting a remote script.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Nuked-Klan SP4

No auth needed

Prerequisites: Access to the target web application · Ability to host a malicious script on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026