EIP-2026-111284

PRE-CVE

Pithcms - 'theme' Local/Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111284. PoCs published by eidelweiss.

AI-analyzed exploit summary This exploit demonstrates a Local File Inclusion (LFI) vulnerability in pithcms version 0.9.5.1 due to improper handling of the 'theme' parameter. The PoC shows how an attacker can include arbitrary local files or potentially execute remote code by manipulating the parameter.

Description

Pithcms - 'theme' Local/Remote File Inclusion

Exploits (1)

exploitdb WORKING POC

by eidelweiss · textwebappsphp

https://www.exploit-db.com/exploits/14271

View Code ZIP pw:eip

This exploit demonstrates a Local File Inclusion (LFI) vulnerability in pithcms version 0.9.5.1 due to improper handling of the 'theme' parameter. The PoC shows how an attacker can include arbitrary local files or potentially execute remote code by manipulating the parameter.

Classification

Working Poc 90%

Attack Type

Lfi

Complexity

Trivial

Reliability

Reliable

Target: pithcms 0.9.5.1

No auth needed

Prerequisites: Access to the vulnerable application · Ability to send HTTP requests to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026