EIP-2026-113223

PRE-CVE

Web Server Creator Web Portal 0.1 - Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113223. PoCs published by frog.

AI-analyzed exploit summary The exploit demonstrates a file inclusion vulnerability in Web Server Creator Web Portal, allowing remote attackers to include arbitrary PHP scripts via manipulated 'l' and 'pg' parameters in customize.php and index.php, respectively. This leads to remote code execution with webserver privileges.

Description

Web Server Creator Web Portal 0.1 - Remote File Inclusion

Exploits (1)

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/22044

View Code ZIP pw:eip

The exploit demonstrates a file inclusion vulnerability in Web Server Creator Web Portal, allowing remote attackers to include arbitrary PHP scripts via manipulated 'l' and 'pg' parameters in customize.php and index.php, respectively. This leads to remote code execution with webserver privileges.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Web Server Creator Web Portal

No auth needed

Prerequisites: Network access to the target web server · Web Server Creator Web Portal installed and running

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026