EIP-2026-111214

PRE-CVE

PHPSysInfo 2.0/2.1 - 'index.php' File Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111214. PoCs published by Albert Puigsech Galicia.

AI-analyzed exploit summary The exploit demonstrates a file disclosure vulnerability in PHPSysInfo by manipulating the include path for template files via symlinks. An attacker can disclose sensitive files by symlinking them to template files and accessing them through a crafted URL.

Description

PHPSysInfo 2.0/2.1 - 'index.php' File Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Albert Puigsech Galicia · textwebappsphp

https://www.exploit-db.com/exploits/22457

View Code ZIP pw:eip

The exploit demonstrates a file disclosure vulnerability in PHPSysInfo by manipulating the include path for template files via symlinks. An attacker can disclose sensitive files by symlinking them to template files and accessing them through a crafted URL.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: PHPSysInfo

No auth needed

Prerequisites: Local access to the system · Ability to create symlinks

MITRE ATT&CK

T1083 - File and Directory Discovery T1205 - Traffic Signaling

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026