EIP-2026-110455

PRE-CVE

Pandora FMS 4.0.1 - 'sec2' Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110455. PoCs published by Ucha Gobejishvili.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in Pandora FMS 4.0.1, where unsanitized user input in the 'sec2' parameter allows attackers to include and execute local files. No actual exploit code is present, only a description and example URL.

Description

Pandora FMS 4.0.1 - 'sec2' Local File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ucha Gobejishvili · textwebappsphp

https://www.exploit-db.com/exploits/36792

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in Pandora FMS 4.0.1, where unsanitized user input in the 'sec2' parameter allows attackers to include and execute local files. No actual exploit code is present, only a description and example URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: Pandora FMS 4.0.1

No auth needed

Prerequisites: Access to the vulnerable web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026