EIP-2026-105634

PRE-CVE

BSW Gallery - 'uploadpic.php' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105634. PoCs published by cr4wl3r.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file upload vulnerability in BSW Gallery due to insufficient input sanitization. Attackers can upload malicious files (e.g., shell.php) to achieve remote code execution (RCE) on the server.

Description

BSW Gallery - 'uploadpic.php' Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by cr4wl3r · textwebappsphp

https://www.exploit-db.com/exploits/37959

View Code ZIP pw:eip

The exploit demonstrates an arbitrary file upload vulnerability in BSW Gallery due to insufficient input sanitization. Attackers can upload malicious files (e.g., shell.php) to achieve remote code execution (RCE) on the server.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: BSW Gallery (version unspecified)

No auth needed

Prerequisites: Access to the uploadpic.php endpoint · Ability to send HTTP POST requests with file uploads

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026