EIP-2026-114446

PRE-CVE

Xonic.ru News 1.0 - 'script.php' Remote Command Execution

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114446. PoCs published by DWC Gr0up.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in Xonic.ru News via the 'script.php' file. The 'data' parameter is insufficiently sanitized, allowing arbitrary command execution with the privileges of the web server.

Description

Xonic.ru News 1.0 - 'script.php' Remote Command Execution

Exploits (1)

exploitdb WORKING POC VERIFIED
by DWC Gr0up · textwebappsphp
https://www.exploit-db.com/exploits/22501

This exploit demonstrates a command injection vulnerability in Xonic.ru News via the 'script.php' file. The 'data' parameter is insufficiently sanitized, allowing arbitrary command execution with the privileges of the web server.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Xonic.ru News (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable 'script.php' endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026