EIP-2026-110043

PRE-CVE

OneFileCMS - Failure to Restrict URL Access

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110043. PoCs published by Abhi M Balakrishnan.

AI-analyzed exploit summary This writeup describes an access control bypass vulnerability in OneFileCMS versions up to 1.1.4, where the redirection mechanism can be bypassed to access admin.php without proper authentication. The fix was implemented in version 1.1.5.

Description

OneFileCMS - Failure to Restrict URL Access

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abhi M Balakrishnan · textwebappsphp

https://www.exploit-db.com/exploits/18632

View Code ZIP pw:eip

This writeup describes an access control bypass vulnerability in OneFileCMS versions up to 1.1.4, where the redirection mechanism can be bypassed to access admin.php without proper authentication. The fix was implemented in version 1.1.5.

Classification

Writeup 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: OneFileCMS up to 1.1.4

No auth needed

Prerequisites: Access to the target URL · No-Redirect Add-on or similar tool to bypass redirection

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026