EIP-2026-112012

PRE-CVE

Shadowed Portal 5.7d3 - 'POST' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112012. PoCs published by The:Paradox.

AI-analyzed exploit summary: This is a writeup detailing a remote file inclusion (RFI) vulnerability in Shadowed Portal 5.7 and lower. The vulnerability arises from unsafe use of the 'require' function in 'control.php', allowing an attacker to include arbitrary PHP files via directory traversal and external URLs.

Description

Shadowed Portal 5.7d3 - 'POST' Remote File Inclusion

Exploits (1)

exploitdb · WRITEUP · VERIFIED
by The:Paradox · text · webapps · php
https://www.exploit-db.com/exploits/4769

Classification: Writeup 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Shadowed Portal 5.7 and lower
Authentication: No auth needed
Prerequisites: Network access to the target application · PHP configuration allowing remote file inclusion
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026