EIP-2026-114385
PRE-CVEWrapper.php for osCommerce - Local File Inclusion
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-114385. PoCs published by Joe Bloomquist.
AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in OsCommerce's Wrapper.php due to improper input sanitization. It allows unauthorized file access via path traversal, but no actual exploit code is included.
Description
Wrapper.php for osCommerce - Local File Inclusion
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Joe Bloomquist · textwebappsphp
https://www.exploit-db.com/exploits/30217
The provided text describes a local file inclusion (LFI) vulnerability in OsCommerce's Wrapper.php due to improper input sanitization. It allows unauthorized file access via path traversal, but no actual exploit code is included.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:
OsCommerce (version unspecified)
No auth needed
Prerequisites:
Access to the vulnerable endpoint
mistral-large-3 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026