EIP-2026-110829

PRE-CVE

PHP-Nuke - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110829. PoCs published by ITSecTeam.

AI-analyzed exploit summary This exploit demonstrates a Local File Include (LFI) vulnerability in PHP-Nuke by manipulating the 'name' and 'file' parameters in the modules.php URL. The attacker can include arbitrary files from the server, potentially leading to remote code execution if combined with log poisoning or other techniques.

Description

PHP-Nuke - Local File Inclusion

Exploits (1)

exploitdb WORKING POC

by ITSecTeam · textwebappsphp

https://www.exploit-db.com/exploits/11732

View Code ZIP pw:eip

This exploit demonstrates a Local File Include (LFI) vulnerability in PHP-Nuke by manipulating the 'name' and 'file' parameters in the modules.php URL. The attacker can include arbitrary files from the server, potentially leading to remote code execution if combined with log poisoning or other techniques.

Classification

Working Poc 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: PHP-Nuke (latest version at time of disclosure)

No auth needed

Prerequisites: Access to a vulnerable PHP-Nuke installation · Knowledge of server file paths for inclusion

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026