EIP-2026-112560

PRE-CVE

Task Management System 1.0 - 'page' Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112560. PoCs published by İsmail BOZKURT.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in Task Management System 1.0 by manipulating the 'page' parameter to include arbitrary files. The vulnerability arises from insufficient input validation and file existence checks, allowing path traversal attacks.

Description

Task Management System 1.0 - 'page' Local File Inclusion

Exploits (1)

exploitdb WORKING POC

by İsmail BOZKURT · textwebappsphp

https://www.exploit-db.com/exploits/49258

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in Task Management System 1.0 by manipulating the 'page' parameter to include arbitrary files. The vulnerability arises from insufficient input validation and file existence checks, allowing path traversal attacks.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Task Management System 1.0

Auth required

Prerequisites: Access to the application with valid credentials · PHP version < 5.3.3

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026