EIP-2026-112046

PRE-CVE

SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112046. PoCs published by x0r.

AI-analyzed exploit summary The exploit demonstrates an authentication bypass via SQL injection, local file inclusion (LFI), and remote code execution (RCE) in SilverNews 2.04. The SQL injection bypasses admin login, LFI allows reading arbitrary files, and RCE is achieved by modifying a configuration file.

Description

SilverNews 2.04 - Authentication Bypass / Local File Inclusion / Remote Code Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by x0r · textwebappsphp

https://www.exploit-db.com/exploits/8004

View Code ZIP pw:eip

The exploit demonstrates an authentication bypass via SQL injection, local file inclusion (LFI), and remote code execution (RCE) in SilverNews 2.04. The SQL injection bypasses admin login, LFI allows reading arbitrary files, and RCE is achieved by modifying a configuration file.

Classification

Working Poc 95%

Attack Type

Auth Bypass | Sqli | Lfi | Rce

Complexity

Trivial

Reliability

Reliable

Target: SilverNews 2.04

No auth needed

Prerequisites: Access to the admin.php endpoint · Ability to send crafted HTTP requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026