EIP-2026-112594
PRE-CVETenderSystem 0.9.5 - 'main.php' Multiple Local File Inclusions
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112594. PoCs published by Packetdeath.
AI-analyzed exploit summary The code describes a local file inclusion (LFI) vulnerability in TenderSystem 0.9.5 Beta, where unsanitized user input allows attackers to include arbitrary local files via path traversal sequences. The provided URI examples demonstrate the exploitation of the 'module' and 'function' parameters to access sensitive files like 'boot.ini'.
Description
TenderSystem 0.9.5 - 'main.php' Multiple Local File Inclusions
Exploits (1)
The code describes a local file inclusion (LFI) vulnerability in TenderSystem 0.9.5 Beta, where unsanitized user input allows attackers to include arbitrary local files via path traversal sequences. The provided URI examples demonstrate the exploitation of the 'module' and 'function' parameters to access sensitive files like 'boot.ini'.