EIP-2026-106432

PRE-CVE

DeWorkshop 1.0 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-106432. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit describes an arbitrary file upload vulnerability in DeWorkshop 1.0, where the application fails to validate file extensions during profile picture uploads, allowing attackers to upload malicious files. The vulnerability is demonstrated via a proof-of-concept URL and code snippet showing the insecure file handling logic.

Description

DeWorkshop 1.0 - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/42504

View Code ZIP pw:eip

The exploit describes an arbitrary file upload vulnerability in DeWorkshop 1.0, where the application fails to validate file extensions during profile picture uploads, allowing attackers to upload malicious files. The vulnerability is demonstrated via a proof-of-concept URL and code snippet showing the insecure file handling logic.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: DeWorkshop 1.0

Auth required

Prerequisites: Access to the customer profile update functionality · Valid session or authentication credentials

MITRE ATT&CK

T1133 - External Remote Services T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026