EIP-2026-113055

PRE-CVE

Vespa 0.8.6 - 'getid3.php' Local File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113055. PoCs published by T0x!c.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in Vespa 0.8.6, where unsanitized user input in the 'include' parameter of 'getid3.php' allows attackers to read arbitrary files or execute local scripts. The exploit leverages a null byte (%00) to bypass input validation.

Description

Vespa 0.8.6 - 'getid3.php' Local File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED
by T0x!c · textwebappsphp
https://www.exploit-db.com/exploits/36664

The provided text describes a local file inclusion (LFI) vulnerability in Vespa 0.8.6, where unsanitized user input in the 'include' parameter of 'getid3.php' allows attackers to read arbitrary files or execute local scripts. The exploit leverages a null byte (%00) to bypass input validation.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Vespa 0.8.6
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026