EIP-2026-112175

PRE-CVE

SisfoKampus - 'dwoprn.php' Arbitrary File Download

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112175. PoCs published by PUPET.

AI-analyzed exploit summary The provided text describes an arbitrary file download vulnerability in Sisfo Kampus 2006 due to insufficient input sanitization. An attacker can exploit this to download sensitive files like 'connectdb.php' by manipulating the 'f' parameter in 'dwoprn.php'.

Description

SisfoKampus - 'dwoprn.php' Arbitrary File Download

Exploits (1)

exploitdb WRITEUP VERIFIED
by PUPET · textwebappsphp
https://www.exploit-db.com/exploits/30573

The provided text describes an arbitrary file download vulnerability in Sisfo Kampus 2006 due to insufficient input sanitization. An attacker can exploit this to download sensitive files like 'connectdb.php' by manipulating the 'f' parameter in 'dwoprn.php'.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Sisfo Kampus 2006
No auth needed
Prerequisites: Access to the vulnerable endpoint
MITRE ATT&CK
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026