EIP-2026-105577

PRE-CVE

BOLDfx eUploader 3.1.1 - 'admin.php' Multiple Remote Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105577. PoCs published by Milos Zivanovic.

AI-analyzed exploit summary The provided HTML form demonstrates a CSRF vulnerability in BOLDfx eUploader PRO 3.1.1, allowing an attacker to modify user credentials and admin access without proper authentication. The exploit leverages a crafted POST request to the admin.php endpoint to escalate privileges.

Description

BOLDfx eUploader 3.1.1 - 'admin.php' Multiple Remote Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by Milos Zivanovic · htmlwebappsphp

https://www.exploit-db.com/exploits/34351

View Code ZIP pw:eip

The provided HTML form demonstrates a CSRF vulnerability in BOLDfx eUploader PRO 3.1.1, allowing an attacker to modify user credentials and admin access without proper authentication. The exploit leverages a crafted POST request to the admin.php endpoint to escalate privileges.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: BOLDfx eUploader PRO 3.1.1

No auth needed

Prerequisites: Victim must be tricked into submitting the form · Target application must be vulnerable to CSRF

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026