EIP-2026-111414

PRE-CVE

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111414. PoCs published by Abysssec.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in Portili Personal and Team Wiki <= 1.14, including admin password disclosure via directory traversal, unauthenticated file upload in FCKeditor, information leakage via phpinfo.php, and XSS in ajaxfilemanager.php. No functional exploit code is provided, only descriptions and PoC URLs.

Description

Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abysssec · textwebappsphp

https://www.exploit-db.com/exploits/9847

View Code ZIP pw:eip

The advisory details multiple vulnerabilities in Portili Personal and Team Wiki <= 1.14, including admin password disclosure via directory traversal, unauthenticated file upload in FCKeditor, information leakage via phpinfo.php, and XSS in ajaxfilemanager.php. No functional exploit code is provided, only descriptions and PoC URLs.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass | Xss | Other

Complexity

Trivial

Reliability

Theoretical

Target: Portili Personal and Team Wiki <= 1.14

No auth needed

Prerequisites: Network access to the target application

MITRE ATT&CK

T1083 - File and Directory Discovery T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026