EIP-2026-105960

PRE-CVE

CMS Balitbang 3.3 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105960. PoCs published by eidelweiss.

AI-analyzed exploit summary The exploit describes an arbitrary file upload vulnerability in CMS Balitbang v3.3 due to the use of an outdated FCKeditor version. The vulnerability allows attackers to upload malicious PHP files by bypassing extension checks.

Description

CMS Balitbang 3.3 - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by eidelweiss · textwebappsphp

https://www.exploit-db.com/exploits/17009

View Code ZIP pw:eip

The exploit describes an arbitrary file upload vulnerability in CMS Balitbang v3.3 due to the use of an outdated FCKeditor version. The vulnerability allows attackers to upload malicious PHP files by bypassing extension checks.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CMS Balitbang v3.3

No auth needed

Prerequisites: Access to the upload endpoint · Outdated FCKeditor configuration

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026