EIP-2026-105795
PRE-CVECF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-105795. PoCs published by The.Morpheus.
AI-analyzed exploit summary The provided text describes an arbitrary file upload vulnerability in CF Image Hosting Script 1.1, allowing attackers to upload and execute arbitrary code on the server. The vulnerability stems from insufficient input sanitization in the upload mechanism.
Description
CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by The.Morpheus · textwebappsphp
https://www.exploit-db.com/exploits/33918
The provided text describes an arbitrary file upload vulnerability in CF Image Hosting Script 1.1, allowing attackers to upload and execute arbitrary code on the server. The vulnerability stems from insufficient input sanitization in the upload mechanism.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
CF Image Hosting Script 1.1
No auth needed
Prerequisites:
Access to the upload functionality at /upload.php
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026