EIP-2026-112812

PRE-CVE

TurnkeyWebTools PHP Simple Shop 2.0 - Multiple Remote File Inclusions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112812. PoCs published by Matdhule.

AI-analyzed exploit summary The provided text describes multiple remote file inclusion vulnerabilities in PHP Simple Shop version 2.0. It outlines how an attacker can exploit these vulnerabilities to execute arbitrary PHP code by manipulating the 'abs_path' parameter in various admin scripts.

Description

TurnkeyWebTools PHP Simple Shop 2.0 - Multiple Remote File Inclusions

Exploits (1)

exploitdb WRITEUP VERIFIED

by Matdhule · textwebappsphp

https://www.exploit-db.com/exploits/28349

View Code ZIP pw:eip

The provided text describes multiple remote file inclusion vulnerabilities in PHP Simple Shop version 2.0. It outlines how an attacker can exploit these vulnerabilities to execute arbitrary PHP code by manipulating the 'abs_path' parameter in various admin scripts.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP Simple Shop 2.0

No auth needed

Prerequisites: Access to the target web application · Ability to host malicious PHP code on an external server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026