EIP-2026-100150

PRE-CVE

AspxCommerce 2.0 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100150. PoCs published by SANTHO.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in AspxCommerce v2.0 via the LogoHandler.ashx module, allowing remote attackers to upload and execute malicious ASPX files. The PoC includes a functional ASPX shell for command execution.

Description

AspxCommerce 2.0 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by SANTHO · textwebappsasp

https://www.exploit-db.com/exploits/28393

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in AspxCommerce v2.0 via the LogoHandler.ashx module, allowing remote attackers to upload and execute malicious ASPX files. The PoC includes a functional ASPX shell for command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: AspxCommerce v2.0 and below

No auth needed

Prerequisites: Network access to the target application · Ability to send HTTP POST requests

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026