Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-112506. PoCs published by Ashiyane Digital Security Team.
AI-analyzed exploit summary This Python script exploits a Local File Inclusion (LFI) vulnerability in SweetRice 1.5.1 by authenticating with provided credentials and then downloading arbitrary files from the server via a crafted request to the 'db_import' endpoint.
Description
SweetRice 1.5.1 - Arbitrary File Download
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Ashiyane Digital Security Team · pythonwebappsphp
https://www.exploit-db.com/exploits/40698
This Python script exploits a Local File Inclusion (LFI) vulnerability in SweetRice 1.5.1 by authenticating with provided credentials and then downloading arbitrary files from the server via a crafted request to the 'db_import' endpoint.
Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
SweetRice 1.5.1
Auth required
Prerequisites:
valid credentials for the target application · network access to the target web application
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026