EIP-2026-112995

PRE-CVE

vBulletin 3.8.6 - 'faq.php' Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112995. PoCs published by H-SK33PY.

AI-analyzed exploit summary This is a technical writeup detailing an information disclosure vulnerability in vBulletin 3.8.6. The vulnerability allows attackers to retrieve database credentials by searching for the term 'Database' in the FAQ section, which inadvertently exposes the contents of the 'database_ingo' phrase containing sensitive configuration details.

Description

vBulletin 3.8.6 - 'faq.php' Information Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED

by H-SK33PY · textwebappsphp

https://www.exploit-db.com/exploits/14455

View Code ZIP pw:eip

This is a technical writeup detailing an information disclosure vulnerability in vBulletin 3.8.6. The vulnerability allows attackers to retrieve database credentials by searching for the term 'Database' in the FAQ section, which inadvertently exposes the contents of the 'database_ingo' phrase containing sensitive configuration details.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: vBulletin 3.8.6

No auth needed

Prerequisites: Access to the FAQ/search functionality of a vulnerable vBulletin instance

MITRE ATT&CK

T1592 - Gather Victim Host Information T1592.002 - Software

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026