EIP-2026-105542

PRE-CVE

BloofoxCMS - 'index.php' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105542. PoCs published by CWH Underground.

AI-analyzed exploit summary This exploit targets an unrestricted file upload vulnerability in Bloofox CMS 0.5.0, allowing authenticated users to upload arbitrary files and achieve remote code execution. It authenticates as an admin/editor, uploads a malicious PHP shell, and provides interactive command execution.

Description

BloofoxCMS - 'index.php' Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by CWH Underground · phpwebappsphp

https://www.exploit-db.com/exploits/38588

View Code ZIP pw:eip

This exploit targets an unrestricted file upload vulnerability in Bloofox CMS 0.5.0, allowing authenticated users to upload arbitrary files and achieve remote code execution. It authenticates as an admin/editor, uploads a malicious PHP shell, and provides interactive command execution.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: bloofoxCMS 0.5.0

Auth required

Prerequisites: Valid admin/editor credentials · Network access to the target

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026