EIP-2026-114609

PRE-CVE

ZenPhoto 1.4.10 - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114609. PoCs published by hyp3rlinx.

AI-analyzed exploit summary This advisory details a Local File Inclusion (LFI) vulnerability in Zenphoto 1.4.10, specifically in the pluginDoc.php file. The vulnerability allows attackers to read arbitrary server files via directory traversal sequences in the 'extension' parameter.

Description

ZenPhoto 1.4.10 - Local File Inclusion

Exploits (1)

exploitdb WRITEUP

by hyp3rlinx · textwebappsphp

https://www.exploit-db.com/exploits/38841

View Code ZIP pw:eip

This advisory details a Local File Inclusion (LFI) vulnerability in Zenphoto 1.4.10, specifically in the pluginDoc.php file. The vulnerability allows attackers to read arbitrary server files via directory traversal sequences in the 'extension' parameter.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Zenphoto 1.4.10

No auth needed

Prerequisites: Access to the vulnerable endpoint

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026