EIP-2026-105661

PRE-CVE

businesswiki 2.5rc3 - Persistent Cross-Site Scripting / Arbitrary file upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105661. PoCs published by Shai rod.

AI-analyzed exploit summary This exploit demonstrates a stored XSS vulnerability in BusinessWiki's page comments and user profile fields, as well as an arbitrary file upload vulnerability via FCKEditor. The PoC uploads a PHP shell to achieve remote code execution (RCE).

Description

businesswiki 2.5rc3 - Persistent Cross-Site Scripting / Arbitrary file upload

Exploits (1)

exploitdb WORKING POC

by Shai rod · pythonwebappsphp

https://www.exploit-db.com/exploits/20790

View Code ZIP pw:eip

This exploit demonstrates a stored XSS vulnerability in BusinessWiki's page comments and user profile fields, as well as an arbitrary file upload vulnerability via FCKEditor. The PoC uploads a PHP shell to achieve remote code execution (RCE).

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BusinessWiki 2.5RC3

Auth required

Prerequisites: Authenticated access to BusinessWiki · FCKEditor file upload functionality enabled · Network access to the target server

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026