CVE-2026-10806
MEDIUMmjperpinosa stumasy add_post.php unrestricted upload
Title source: cnaDescription
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
References (6)
Core 6
Core References
Vdb Entry, Technical Description vdb-entry
technical-description
VDB-368254 | mjperpinosa stumasy add_post.php unrestricted upload
https://vuldb.com/vuln/368254
Signature, Permissions Required signature
permissions-required
VDB-368254 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/368254/cti
Third Party Advisory third-party-advisory
CVE-2026-10806 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-10806
Third Party Advisory third-party-advisory
Submit #831510 | mjperpinosa stumasy 1.0 RCE vulnerability
https://vuldb.com/submit/831510
Exploit exploit
issue-tracking
https://github.com/mjperpinosa/stumasy/issues/1
Product product
https://github.com/mjperpinosa/stumasy/
Scores
CVSS v3
6.3
EPSS
0.0021
EPSS Percentile
11.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
CWE-434
Status
published
Products (3)
mjperpinosa/stumasy
25d695901fbb586bf184b8ba73456d8e5311656c
mjperpinosa/stumasy
327d1b0f2915ba79d7ef8ebb74553e987609d9be
mjperpinosa/stumasy
79c86fce86a09adc6edcbd6d56115fbff14ed538
Published
Jun 04, 2026
Tracked Since
Jun 04, 2026