EIP-2026-100400

PRE-CVE

Luftguitar CMS - Upload Arbitrary File

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100400. PoCs published by Abysssec.

AI-analyzed exploit summary This advisory describes an arbitrary file upload vulnerability in Luftguitar CMS 2.0.2, allowing attackers to upload malicious files via the Image Gallery component. The uploaded files are stored in the /Images/ directory, potentially leading to remote code execution if executable files are uploaded.

Description

Luftguitar CMS - Upload Arbitrary File

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abysssec · textwebappsasp

https://www.exploit-db.com/exploits/14991

View Code ZIP pw:eip

This advisory describes an arbitrary file upload vulnerability in Luftguitar CMS 2.0.2, allowing attackers to upload malicious files via the Image Gallery component. The uploaded files are stored in the /Images/ directory, potentially leading to remote code execution if executable files are uploaded.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Luftguitar CMS 2.0.2

No auth needed

Prerequisites: Access to the vulnerable upload endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026