EIP-2026-106672
PRE-CVEe107 Hupsi_fancybox Plugin - 'Uploadify.php' Arbitrary File Upload
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-106672. PoCs published by Sammy FORGIT.
AI-analyzed exploit summary This PHP script exploits an arbitrary file upload vulnerability in the Hupsi_fancybox Plugin for e107 by sending a crafted POST request via cURL to upload a malicious file ('lo.php'). The vulnerability arises from insufficient input sanitization in the 'uploadify.php' endpoint.
Description
e107 Hupsi_fancybox Plugin - 'Uploadify.php' Arbitrary File Upload
Exploits (1)
This PHP script exploits an arbitrary file upload vulnerability in the Hupsi_fancybox Plugin for e107 by sending a crafted POST request via cURL to upload a malicious file ('lo.php'). The vulnerability arises from insufficient input sanitization in the 'uploadify.php' endpoint.