EIP-2026-104977

PRE-CVE

Advanced Guestbook - 'addentry.php' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-104977. PoCs published by Ashiyane Digital Security Team.

AI-analyzed exploit summary The provided text describes a file upload vulnerability in Advanced Guestbook 2.4.3, allowing arbitrary file uploads due to insufficient input sanitization. This could lead to arbitrary code execution within the context of the application.

Description

Advanced Guestbook - 'addentry.php' Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ashiyane Digital Security Team · textwebappsphp

https://www.exploit-db.com/exploits/38693

View Code ZIP pw:eip

The provided text describes a file upload vulnerability in Advanced Guestbook 2.4.3, allowing arbitrary file uploads due to insufficient input sanitization. This could lead to arbitrary code execution within the context of the application.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Advanced Guestbook 2.4.3

No auth needed

Prerequisites: Access to the vulnerable endpoint (e.g., /guestbook/addentry.php)

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026