EIP-2026-114385

PRE-CVE

Wrapper.php for osCommerce - Local File Inclusion

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114385. PoCs published by Joe Bloomquist.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in OsCommerce's Wrapper.php due to improper input sanitization. It allows unauthorized file access via path traversal, but no actual exploit code is included.

Description

Wrapper.php for osCommerce - Local File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED
by Joe Bloomquist · textwebappsphp
https://www.exploit-db.com/exploits/30217

The provided text describes a local file inclusion (LFI) vulnerability in OsCommerce's Wrapper.php due to improper input sanitization. It allows unauthorized file access via path traversal, but no actual exploit code is included.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: OsCommerce (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable endpoint
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026