EIP-2026-112834

PRE-CVE

Typo3 3.5 b5 - 'Translations.php' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112834. PoCs published by Martin Eiszner.

AI-analyzed exploit summary The exploit demonstrates a file inclusion vulnerability in TYPO3, allowing remote attackers to include and execute arbitrary files from external servers via manipulated URI parameters. The provided URLs show how an attacker can inject malicious PHP code into a log file and then include it, leading to remote command execution.

Description

Typo3 3.5 b5 - 'Translations.php' Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by Martin Eiszner · textwebappsphp

https://www.exploit-db.com/exploits/22298

View Code ZIP pw:eip

The exploit demonstrates a file inclusion vulnerability in TYPO3, allowing remote attackers to include and execute arbitrary files from external servers via manipulated URI parameters. The provided URLs show how an attacker can inject malicious PHP code into a log file and then include it, leading to remote command execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: TYPO3 (version not specified)

No auth needed

Prerequisites: Access to a vulnerable TYPO3 installation · Ability to manipulate URI parameters

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026