EIP-2026-110838

PRE-CVE

PHP-Nuke 5.5/6.0 News Module - Full Path Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110838. PoCs published by Rynho Zeros Web.

AI-analyzed exploit summary The provided text describes an information disclosure vulnerability in the News module for PHPNuke versions 5.5 and 6.0. The vulnerability allows remote attackers to disclose sensitive path information by manipulating the 'sid' parameter in the URL.

Description

PHP-Nuke 5.5/6.0 News Module - Full Path Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED

by Rynho Zeros Web · textwebappsphp

https://www.exploit-db.com/exploits/22348

View Code ZIP pw:eip

The provided text describes an information disclosure vulnerability in the News module for PHPNuke versions 5.5 and 6.0. The vulnerability allows remote attackers to disclose sensitive path information by manipulating the 'sid' parameter in the URL.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PHPNuke News module versions 5.5 and 6.0

No auth needed

Prerequisites: Access to the target PHPNuke instance

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026