EIP-2026-111315

PRE-CVE

pL-PHP Beta 0.9 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111315. PoCs published by cr4wl3r.

AI-analyzed exploit summary: This Perl script exploits a Local File Inclusion (LFI) vulnerability in pL-PHP <= beta 0.9 by injecting PHP code into Apache log files and then including them to achieve remote command execution (RCE). It automates the process of injecting malicious code into logs and triggering its execution via a crafted HTTP request.

Description

pL-PHP Beta 0.9 - Local File Inclusion

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by cr4wl3r · perl · webapps · php
https://www.exploit-db.com/exploits/10841

Classification
Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: pL-PHP <= beta 0.9
No auth needed
Prerequisites: Apache log files must be writable by the web server · Target must be running pL-PHP <= beta 0.9 · Attacker must be able to reach the target's web server
devstral-2 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026