EIP-2026-111435

PRE-CVE

PostNuke 0.7x - Install Script Administrator Password Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111435. PoCs published by hellsink.

AI-analyzed exploit summary This is a technical writeup describing an information disclosure vulnerability in PostNuke due to the presence of an unremoved 'install.php' script after installation, which can leak administrator credentials. The issue is trivial to exploit by accessing the script directly via a URL.

Description

PostNuke 0.7x - Install Script Administrator Password Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED
by hellsink · textwebappsphp
https://www.exploit-db.com/exploits/24307

This is a technical writeup describing an information disclosure vulnerability in PostNuke due to the presence of an unremoved 'install.php' script after installation, which can leak administrator credentials. The issue is trivial to exploit by accessing the script directly via a URL.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: PostNuke (version not specified)
No auth needed
Prerequisites: Vulnerable PostNuke installation with 'install.php' still present
mistral-large-3 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026