EIP-2026-105844

PRE-CVE

Church Management System 1.0 - Arbitrary File Upload (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105844. PoCs published by Murat DEMİRCİ.

AI-analyzed exploit summary This exploit demonstrates an unrestricted file upload vulnerability in Church Management System 1.0, allowing authenticated users to bypass file extension checks via proxy interception and achieve remote code execution by uploading a malicious PHP file.

Description

Church Management System 1.0 - Arbitrary File Upload (Authenticated)

Exploits (1)

exploitdb WORKING POC

by Murat DEMİRCİ · textwebappsphp

https://www.exploit-db.com/exploits/50090

View Code ZIP pw:eip

This exploit demonstrates an unrestricted file upload vulnerability in Church Management System 1.0, allowing authenticated users to bypass file extension checks via proxy interception and achieve remote code execution by uploading a malicious PHP file.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Church Management System 1.0

Auth required

Prerequisites: Authenticated user access · Proxy tool for request interception

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026