EIP-2026-104643

PRE-CVE

PHP - MultiPart Form-Data Denial of Service (PoC)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104643. PoCs published by Bogdan Calin.

AI-analyzed exploit summary This exploit is a proof-of-concept for a Denial of Service (DoS) attack targeting PHP's handling of multipart form data. It floods the target with a large number of files in a single POST request, potentially causing resource exhaustion.

Description

PHP - MultiPart Form-Data Denial of Service (PoC)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Bogdan Calin · pythondosphp

https://www.exploit-db.com/exploits/10243

View Code ZIP pw:eip

This exploit is a proof-of-concept for a Denial of Service (DoS) attack targeting PHP's handling of multipart form data. It floods the target with a large number of files in a single POST request, potentially causing resource exhaustion.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: PHP (unspecified version)

No auth needed

Prerequisites: Network access to the target PHP application

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026