EIP-2026-112339

PRE-CVE

SOLIDserver < 5.0.4 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112339. PoCs published by Saeed reza Zamanian.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in SOLIDserver <=5.0.4, allowing unauthorized file reads via path traversal in the 'report_filename' and 'config_file' parameters. The PoC includes direct URLs to read sensitive files like /etc/passwd and /etc/hosts.

Description

SOLIDserver < 5.0.4 - Local File Inclusion

Exploits (1)

exploitdb WORKING POC

by Saeed reza Zamanian · textwebappsphp

https://www.exploit-db.com/exploits/39478

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in SOLIDserver <=5.0.4, allowing unauthorized file reads via path traversal in the 'report_filename' and 'config_file' parameters. The PoC includes direct URLs to read sensitive files like /etc/passwd and /etc/hosts.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: SOLIDserver <=5.0.4

No auth needed

Prerequisites: Network access to the target · Vulnerable SOLIDserver instance

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026