EIP-2026-105478
PRE-CVEBilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105478. PoCs published by Mr.Benladen.
AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Bilder Upload Script 1.09, allowing attackers to bypass file extension restrictions and upload malicious PHP scripts disguised as images. The PoC instructs users to upload a file with a double extension (e.g., evil.php.jpg) or manipulate the filename parameter to achieve remote code execution.
Description
Bilder Upload Script Datei Upload 1.09 - Arbitrary File Upload
Exploits (1)
This exploit demonstrates an arbitrary file upload vulnerability in Bilder Upload Script 1.09, allowing attackers to bypass file extension restrictions and upload malicious PHP scripts disguised as images. The PoC instructs users to upload a file with a double extension (e.g., evil.php.jpg) or manipulate the filename parameter to achieve remote code execution.