EIP-2026-113006

PRE-CVE

vBulletin 4.1.7 - Multiple Remote File Inclusions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113006. PoCs published by indoushka.

AI-analyzed exploit summary The document describes multiple remote file inclusion (RFI) vulnerabilities in vBulletin 4.1.7 due to improper input sanitization. It lists various endpoints where an attacker can inject malicious file paths to execute arbitrary code or disclose sensitive information.

Description

vBulletin 4.1.7 - Multiple Remote File Inclusions

Exploits (1)

exploitdb WRITEUP VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/36273

View Code ZIP pw:eip

The document describes multiple remote file inclusion (RFI) vulnerabilities in vBulletin 4.1.7 due to improper input sanitization. It lists various endpoints where an attacker can inject malicious file paths to execute arbitrary code or disclose sensitive information.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: vBulletin 4.1.7

No auth needed

Prerequisites: Network access to the target vBulletin instance · Ability to host a malicious file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026