EIP-2026-100286

PRE-CVE

DUWare Multiple Products - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100286. PoCs published by GulfTech Security.

AI-analyzed exploit summary This writeup details multiple vulnerabilities in DUWare products, including arbitrary file upload, script execution, account hijacking, privilege escalation, and query tampering. The vulnerabilities stem from poor security practices such as lack of input validation, reliance on client-side validation, and plaintext password storage.

Description

DUWare Multiple Products - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by GulfTech Security · textwebappsasp

https://www.exploit-db.com/exploits/43788

View Code ZIP pw:eip

This writeup details multiple vulnerabilities in DUWare products, including arbitrary file upload, script execution, account hijacking, privilege escalation, and query tampering. The vulnerabilities stem from poor security practices such as lack of input validation, reliance on client-side validation, and plaintext password storage.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: DUWare DUPortal Pro and related products

No auth needed

Prerequisites: Access to the web application · Basic knowledge of web vulnerabilities

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026