EIP-2026-100099

PRE-CVE

Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100099. PoCs published by Aung Khant.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Acuity CMS 2.6.2, allowing an attacker to upload and execute malicious ASP code on the server. The PoC includes a multipart form data request that bypasses restrictions to upload a file with executable content.

Description

Acuity CMS 2.6.2 - '/admin/file_manager/file_upload_submit.asp' Multiple Arbitrary File Upload / Code Executions

Exploits (1)

exploitdb WORKING POC VERIFIED

by Aung Khant · textwebappsasp

https://www.exploit-db.com/exploits/37222

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Acuity CMS 2.6.2, allowing an attacker to upload and execute malicious ASP code on the server. The PoC includes a multipart form data request that bypasses restrictions to upload a file with executable content.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Acuity CMS 2.6.2

Auth required

Prerequisites: Access to the admin interface · Valid session cookie (ASPSessionID)

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026