EIP-2026-100287

PRE-CVE

DUware Software - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100287. PoCs published by Security Corporation.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass and arbitrary file upload vulnerability in various DUware products, specifically targeting DUpics. The provided HTML form allows an attacker to upload arbitrary files to the server by bypassing authentication checks.

Description

DUware Software - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Security Corporation · textwebappsasp

https://www.exploit-db.com/exploits/23561

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass and arbitrary file upload vulnerability in various DUware products, specifically targeting DUpics. The provided HTML form allows an attacker to upload arbitrary files to the server by bypassing authentication checks.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: DUware products (DUpics, DUclassified, DUdirectory, DUdownload, DUgallery, DUportal) versions unspecified

No auth needed

Prerequisites: Access to the target admin interface URLs · Network access to the vulnerable server

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026