EIP-2026-110748

PRE-CVE

PHP Real Estate Script 3 - Arbitrary File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110748. PoCs published by Meisam Monsef.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file disclosure vulnerability in php Real Estate Script v3 by sending a crafted POST request to read sensitive files like the database configuration. The script uses fsockopen to interact with the target server and retrieves the file content via path traversal.

Description

PHP Real Estate Script 3 - Arbitrary File Disclosure

Exploits (1)

exploitdb WORKING POC

by Meisam Monsef · phpwebappsphp

https://www.exploit-db.com/exploits/40076

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file disclosure vulnerability in php Real Estate Script v3 by sending a crafted POST request to read sensitive files like the database configuration. The script uses fsockopen to interact with the target server and retrieves the file content via path traversal.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: php Real Estate Script v3

No auth needed

Prerequisites: Network access to the target server · Target running php Real Estate Script v3

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026