EIP-2026-100159

PRE-CVE

Baran CMS 1.0 - 'Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100159. PoCs published by Aria-Security Team.

AI-analyzed exploit summary This is a vulnerability writeup detailing multiple issues in Baran CMS 1.0, including arbitrary file upload, database backup exposure, SQL injection, XSS, and cookie manipulation. No actual exploit code is provided.

Description

Baran CMS 1.0 - 'Arbitrary '.ASP' File Upload / File Disclosure / SQL Injection / Cross-Site Scripting / Cookie Manipulation

Exploits (1)

exploitdb WRITEUP VERIFIED

by Aria-Security Team · textwebappsasp

https://www.exploit-db.com/exploits/8048

View Code ZIP pw:eip

This is a vulnerability writeup detailing multiple issues in Baran CMS 1.0, including arbitrary file upload, database backup exposure, SQL injection, XSS, and cookie manipulation. No actual exploit code is provided.

Classification

Writeup 90%

Attack Type

Info Leak | Sqli | Xss | Other

Complexity

Trivial

Reliability

Theoretical

Target: Baran CMS 1.0

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1552 - Unsecured Credentials T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026