EIP-2026-104733

PRE-CVE

Idera Up.Time Monitoring Station 7.4 - 'post2file.php' Arbitrary File Upload (Metasploit)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104733. PoCs published by Metasploit.

AI-analyzed exploit summary This Metasploit module exploits an arbitrary file upload vulnerability in Idera Up.time Monitoring Station 7.4 and 7.5, bypassing vendor mitigations to achieve remote code execution via authenticated file upload and service creation.

Description

Idera Up.Time Monitoring Station 7.4 - 'post2file.php' Arbitrary File Upload (Metasploit)

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotephp

https://www.exploit-db.com/exploits/38733

View Code ZIP pw:eip

This Metasploit module exploits an arbitrary file upload vulnerability in Idera Up.time Monitoring Station 7.4 and 7.5, bypassing vendor mitigations to achieve remote code execution via authenticated file upload and service creation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Idera Up.time Monitoring Station 7.4.0 - 7.5.0

Auth required

Prerequisites: Valid credentials for the Up.time application · Network access to the target on port 9999

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026