EIP-2026-111009

PRE-CVE

phpCMS 2008 - 'download.php' Information Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111009. PoCs published by Securitylab.ir.

AI-analyzed exploit summary This exploit demonstrates an information disclosure vulnerability in PHPCMS2008 due to insufficient input validation. It allows an attacker to download local files, such as configuration files, by manipulating the 'f' parameter in the URL.

Description

phpCMS 2008 - 'download.php' Information Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED
by Securitylab.ir · textwebappsphp
https://www.exploit-db.com/exploits/34486

This exploit demonstrates an information disclosure vulnerability in PHPCMS2008 due to insufficient input validation. It allows an attacker to download local files, such as configuration files, by manipulating the 'f' parameter in the URL.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PHPCMS2008
No auth needed
Prerequisites: Access to the target web application
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026