EIP-2026-100109

PRE-CVE

aradblog - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100109. PoCs published by Abysssec.

AI-analyzed exploit summary This advisory details two vulnerabilities in aradBlog <= 1.2.8: an authentication bypass via a virtual path ('mainadmin') and an arbitrary file upload vulnerability in the downloads.aspx page. The writeup includes technical details such as affected code paths and PoC URLs.

Description

aradblog - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abysssec · textwebappsasp

https://www.exploit-db.com/exploits/14954

View Code ZIP pw:eip

This advisory details two vulnerabilities in aradBlog <= 1.2.8: an authentication bypass via a virtual path ('mainadmin') and an arbitrary file upload vulnerability in the downloads.aspx page. The writeup includes technical details such as affected code paths and PoC URLs.

Classification

Writeup 90%

Attack Type

Auth Bypass | Other

Complexity

Trivial

Reliability

Reliable

Target: aradBlog <= 1.2.8

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026