EIP-2026-111356
PRE-CVEPluck CMS 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-111356. PoCs published by Bl4k3.
AI-analyzed exploit summary The code describes multiple file inclusion and disclosure vulnerabilities in Pluck 4.7 due to improper input sanitization. It highlights how directory traversal can be exploited to execute or disclose local files, but does not include functional exploit code.
Description
Pluck CMS 4.7 - Multiple Local File Inclusion / File Disclosure Vulnerabilities
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Bl4k3 · textwebappsphp
https://www.exploit-db.com/exploits/36129
The code describes multiple file inclusion and disclosure vulnerabilities in Pluck 4.7 due to improper input sanitization. It highlights how directory traversal can be exploited to execute or disclose local files, but does not include functional exploit code.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:
Pluck 4.7
No auth needed
Prerequisites:
Access to vulnerable Pluck installation
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026