EIP-2026-111370
PRE-CVEpMachine 1.0/2.x - '/lib/' Multiple Script Direct Request Full Path Disclosures
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-111370. PoCs published by Lorenzo Hernandez Garcia-Hierro.
AI-analyzed exploit summary This is a vulnerability writeup describing a path disclosure issue in pMachine. The vulnerability occurs when accessing specific PHP scripts, causing an error page to disclose the installation directory.
Description
pMachine 1.0/2.x - '/lib/' Multiple Script Direct Request Full Path Disclosures
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Lorenzo Hernandez Garcia-Hierro · textwebappsphp
https://www.exploit-db.com/exploits/22808
This is a vulnerability writeup describing a path disclosure issue in pMachine. The vulnerability occurs when accessing specific PHP scripts, causing an error page to disclose the installation directory.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
pMachine (version not specified)
No auth needed
Prerequisites:
Access to the target web server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026