EIP-2026-111571

PRE-CVE

PTCeffect 4.6 - Local File Inclusion / SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111571. PoCs published by walid naceri.

AI-analyzed exploit summary This writeup describes an LFI vulnerability in PTCeffect 4.6, which can be exploited to include arbitrary files and perform SQL injection via the 'view' parameter in index.php. The PoC demonstrates path traversal to include admin files and inject SQL queries to dump admin credentials.

Description

PTCeffect 4.6 - Local File Inclusion / SQL Injection

Exploits (1)

exploitdb WRITEUP VERIFIED

by walid naceri · textwebappsphp

https://www.exploit-db.com/exploits/32941

View Code ZIP pw:eip

This writeup describes an LFI vulnerability in PTCeffect 4.6, which can be exploited to include arbitrary files and perform SQL injection via the 'view' parameter in index.php. The PoC demonstrates path traversal to include admin files and inject SQL queries to dump admin credentials.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: PTCeffect 4.6

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026