EIP-2026-113125

PRE-CVE

VisNetic Mail Server 8.3.5 - Multiple File Inclusions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113125. PoCs published by Tan Chew Keong.

AI-analyzed exploit summary The code describes multiple file inclusion vulnerabilities in VisNetic Mail Server due to improper input sanitization. It provides example URLs demonstrating how an attacker can include arbitrary local or remote files, potentially leading to remote code execution.

Description

VisNetic Mail Server 8.3.5 - Multiple File Inclusions

Exploits (1)

exploitdb WRITEUP VERIFIED

by Tan Chew Keong · textwebappsphp

https://www.exploit-db.com/exploits/28229

View Code ZIP pw:eip

The code describes multiple file inclusion vulnerabilities in VisNetic Mail Server due to improper input sanitization. It provides example URLs demonstrating how an attacker can include arbitrary local or remote files, potentially leading to remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: VisNetic Mail Server 8.3.5

No auth needed

Prerequisites: Network access to the target server · VisNetic Mail Server with vulnerable version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026