EIP-2026-114428

PRE-CVE

XGB 1.2 - Remote Form Field Input Validation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114428. PoCs published by Firehack.

AI-analyzed exploit summary The exploit describes a PHP code injection vulnerability in xGB guestbook software due to insufficient input validation. An attacker can inject PHP code into form fields, leading to arbitrary command execution and deletion of the datafile.

Description

XGB 1.2 - Remote Form Field Input Validation

Exploits (1)

exploitdb WRITEUP VERIFIED

by Firehack · textwebappsphp

https://www.exploit-db.com/exploits/21382

View Code ZIP pw:eip

The exploit describes a PHP code injection vulnerability in xGB guestbook software due to insufficient input validation. An attacker can inject PHP code into form fields, leading to arbitrary command execution and deletion of the datafile.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: xGB guestbook software

No auth needed

Prerequisites: Access to the guestbook form fields

MITRE ATT&CK

T1210 - Exploitation of Remote Services T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026