EIP-2026-113386

PRE-CVE

webYourPhotos 6.05 - 'index.php' Remote File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113386. PoCs published by Sn!pEr.S!Te Hacker.

AI-analyzed exploit summary This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in webYourPhotos version 6.05. The vulnerability allows an attacker to include arbitrary remote files via the 'template' parameter in index.php, leading to potential remote code execution.

Description

webYourPhotos 6.05 - 'index.php' Remote File Inclusion

Exploits (1)

exploitdb WORKING POC

by Sn!pEr.S!Te Hacker · textwebappsphp

https://www.exploit-db.com/exploits/12674

View Code ZIP pw:eip

This exploit demonstrates a Remote File Inclusion (RFI) vulnerability in webYourPhotos version 6.05. The vulnerability allows an attacker to include arbitrary remote files via the 'template' parameter in index.php, leading to potential remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: webYourPhotos < 6.05

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server · Attacker must be able to host a malicious file on a remote server

MITRE ATT&CK

T1189 - Drive-by Compromise T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026