EIP-2026-105795

PRE-CVE

CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105795. PoCs published by The.Morpheus.

AI-analyzed exploit summary The provided text describes an arbitrary file upload vulnerability in CF Image Hosting Script 1.1, allowing attackers to upload and execute arbitrary code on the server. The vulnerability stems from insufficient input sanitization in the upload mechanism.

Description

CF Image Hosting Script 1.1 - 'upload.php' Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED
by The.Morpheus · textwebappsphp
https://www.exploit-db.com/exploits/33918

The provided text describes an arbitrary file upload vulnerability in CF Image Hosting Script 1.1, allowing attackers to upload and execute arbitrary code on the server. The vulnerability stems from insufficient input sanitization in the upload mechanism.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: CF Image Hosting Script 1.1
No auth needed
Prerequisites: Access to the upload functionality at /upload.php
devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026