EIP-2026-105978

PRE-CVE

CMS Lokomedia 1.5 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-105978. PoCs published by eidelweiss.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file upload vulnerability in CMS Lokomedia 1.5 via the TinyMCPUK file manager component. Attackers can upload malicious files (e.g., shells) to the server by accessing specific URLs, bypassing file upload restrictions.

Description

CMS Lokomedia 1.5 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by eidelweiss · textwebappsphp

https://www.exploit-db.com/exploits/17014

View Code ZIP pw:eip

The exploit demonstrates an arbitrary file upload vulnerability in CMS Lokomedia 1.5 via the TinyMCPUK file manager component. Attackers can upload malicious files (e.g., shells) to the server by accessing specific URLs, bypassing file upload restrictions.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: CMS Lokomedia 1.5

No auth needed

Prerequisites: Access to the TinyMCPUK file manager interface

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026