EIP-2026-113271

PRE-CVE

webERP 4.08.1 - Local/Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113271. PoCs published by dun.

AI-analyzed exploit summary This is a detailed writeup describing a Local/Remote File Inclusion vulnerability in webERP <= 4.08.1. It explains how the vulnerability can be exploited via path traversal or RFI using FTP/HTTP wrappers, but does not include executable exploit code.

Description

webERP 4.08.1 - Local/Remote File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED

by dun · textwebappsphp

https://www.exploit-db.com/exploits/19431

View Code ZIP pw:eip

This is a detailed writeup describing a Local/Remote File Inclusion vulnerability in webERP <= 4.08.1. It explains how the vulnerability can be exploited via path traversal or RFI using FTP/HTTP wrappers, but does not include executable exploit code.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Theoretical

Target: webERP <= 4.08.1

No auth needed

Prerequisites: magic_quotes_gpc = Off for LFI · allow_url_fopen = On and allow_url_include = On for RFI · register_globals = On for RFI

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026