EIP-2026-111033

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111033. PoCs published by Zer0 Thunder.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in PHPDirector Game Edition, including Local File Inclusion (LFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). The LFI is achievable via the 'lang' parameter in header.php, while SQLi is possible in games.php due to improper input validation. XSS is exploitable through the comment form in games.php.

Description

PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Zer0 Thunder · textwebappsphp

https://www.exploit-db.com/exploits/11013

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in PHPDirector Game Edition, including Local File Inclusion (LFI), SQL Injection (SQLi), and Cross-Site Scripting (XSS). The LFI is achievable via the 'lang' parameter in header.php, while SQLi is possible in games.php due to improper input validation. XSS is exploitable through the comment form in games.php.

Classification

Working Poc 90%

Attack Type

Lfi | Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: PHPDirector Game Edition v0.1

No auth needed

Prerequisites: Access to the vulnerable application · Network connectivity to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1055 - Process Injection

devstral-2 · analyzed Feb 16, 2026 Full analysis →

PHPDirector Game Edition 0.1 - Local File Inclusion / SQL Injection / Cross-Site Scripting

Exploitation Summary

Description

Exploits (1)

Details