EIP-2026-112108

PRE-CVE

Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112108. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets Simple Machines Forum (SMF) <= 1.1 rc2 by leveraging a local file inclusion vulnerability via the 'lngfile' parameter during user registration. It bypasses PHP settings on Windows systems to include arbitrary local files.

Description

Simple Machines Forum (SMF) 1.1 rc2 (Windows) - 'lngfile' Local File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/2231

View Code ZIP pw:eip

This exploit targets Simple Machines Forum (SMF) <= 1.1 rc2 by leveraging a local file inclusion vulnerability via the 'lngfile' parameter during user registration. It bypasses PHP settings on Windows systems to include arbitrary local files.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Simple Machines Forum <= 1.1 rc2

No auth needed

Prerequisites: Target must be running SMF <= 1.1 rc2 on a Windows system with PHP < 4.3.3 or PHP 5 < 5.1.4

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026