EIP-2026-110509

PRE-CVE

PBBoard 2.1.4 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110509. PoCs published by n4ss1m.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in PBBoard 2.1.4 via the 'page' parameter in admin.php. The vulnerability arises due to insufficient sanitization of user input, allowing directory traversal sequences to include arbitrary files.

Description

PBBoard 2.1.4 - Local File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by n4ss1m · textwebappsphp

https://www.exploit-db.com/exploits/18937

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in PBBoard 2.1.4 via the 'page' parameter in admin.php. The vulnerability arises due to insufficient sanitization of user input, allowing directory traversal sequences to include arbitrary files.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PBBoard 2.1.4

Auth required

Prerequisites: User authentication (standard user or higher)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026