EIP-2026-113134

PRE-CVE

Vivvo CMS - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113134. PoCs published by JaBrOtxHaCkEr.

AI-analyzed exploit summary The exploit demonstrates a Local File Inclusion (LFI) vulnerability in Vivvo CMS v4.5 or earlier via the compress.php file. By manipulating the file parameter, an attacker can include arbitrary files (e.g., conf.php) from the server.

Description

Vivvo CMS - Local File Inclusion

Exploits (1)

exploitdb WORKING POC

by JaBrOtxHaCkEr · textwebappsphp

https://www.exploit-db.com/exploits/17920

View Code ZIP pw:eip

The exploit demonstrates a Local File Inclusion (LFI) vulnerability in Vivvo CMS v4.5 or earlier via the compress.php file. By manipulating the file parameter, an attacker can include arbitrary files (e.g., conf.php) from the server.

Classification

Working Poc 80%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Vivvo CMS v4.5 or earlier

No auth needed

Prerequisites: Access to the compress.php endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026