EIP-2026-112701
PRE-CVETiny Web Gallery 1.5 - 'Image' Multiple Remote File Inclusions
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112701. PoCs published by x0r0n.
AI-analyzed exploit summary This is a vulnerability writeup describing remote file inclusion (RFI) vulnerabilities in Tiny Web Gallery. It outlines how an attacker can include arbitrary remote files containing malicious PHP code via unsanitized input in the 'image' parameter.
Description
Tiny Web Gallery 1.5 - 'Image' Multiple Remote File Inclusions
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by x0r0n · textwebappsphp
https://www.exploit-db.com/exploits/28372
This is a vulnerability writeup describing remote file inclusion (RFI) vulnerabilities in Tiny Web Gallery. It outlines how an attacker can include arbitrary remote files containing malicious PHP code via unsanitized input in the 'image' parameter.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target:
Tiny Web Gallery (version not specified)
No auth needed
Prerequisites:
Network access to the target · PHP remote file inclusion enabled on the server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026