EIP-2026-114409

PRE-CVE

Xataface 1.x - 'action' Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114409. PoCs published by ITSecTeam.

AI-analyzed exploit summary The provided text describes a local file inclusion (LFI) vulnerability in Xataface versions prior to 1.2.6, as well as 1.3rc1 and 1.3rc2. The vulnerability allows an attacker to include arbitrary local files via unsanitized input in the `-action` parameter.

Description

Xataface 1.x - 'action' Local File Inclusion

Exploits (1)

exploitdb WRITEUP VERIFIED

by ITSecTeam · textwebappsphp

https://www.exploit-db.com/exploits/35833

View Code ZIP pw:eip

The provided text describes a local file inclusion (LFI) vulnerability in Xataface versions prior to 1.2.6, as well as 1.3rc1 and 1.3rc2. The vulnerability allows an attacker to include arbitrary local files via unsanitized input in the `-action` parameter.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Xataface < 1.2.6, 1.3rc1, 1.3rc2

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026