EIP-2026-106608
PRE-CVEDynPage 1.0 - 'ckfinder' Multiple Arbitrary File Upload Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-106608. PoCs published by KedAns-Dz.
AI-analyzed exploit summary The exploit demonstrates an arbitrary file upload vulnerability in DynPage 1.0 by providing HTML forms that bypass file extension restrictions, allowing attackers to upload malicious files (e.g., PHP shells) via the CKFinder component.
Description
DynPage 1.0 - 'ckfinder' Multiple Arbitrary File Upload Vulnerabilities
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by KedAns-Dz · textwebappsphp
https://www.exploit-db.com/exploits/37321
The exploit demonstrates an arbitrary file upload vulnerability in DynPage 1.0 by providing HTML forms that bypass file extension restrictions, allowing attackers to upload malicious files (e.g., PHP shells) via the CKFinder component.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
DynPage 1.0
No auth needed
Prerequisites:
Access to the vulnerable DynPage instance · CKFinder component enabled
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026