EIP-2026-111887

PRE-CVE

sandbox 2.0.3 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111887. PoCs published by Salvatore Fresta.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Sandbox 2.0.3, including authentication bypass, arbitrary file upload, local file inclusion, and SQL injection. It provides code snippets, exploitation steps, and root cause analysis.

Description

sandbox 2.0.3 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Salvatore Fresta · textwebappsphp

https://www.exploit-db.com/exploits/14255

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Sandbox 2.0.3, including authentication bypass, arbitrary file upload, local file inclusion, and SQL injection. It provides code snippets, exploitation steps, and root cause analysis.

Classification

Writeup 100%

Attack Type

Auth Bypass | Sqli | Info Leak | Other

Complexity

Moderate

Reliability

Reliable

Target: Sandbox 2.0.3

No auth needed

Prerequisites: magic_quotes_gpc disabled for authentication bypass · access to upload functionality for arbitrary file upload · access to admin.php for LFI · access to modules/page.php for SQLi

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026