EIP-2026-107016

PRE-CVE

EZPX My Photoblog 1.2 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107016. PoCs published by indoushka.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in EZPX My photoblog 1.2-beta, allowing attackers to upload malicious files (e.g., shells) via the admin photo upload endpoint. The exploit provides direct paths to the vulnerable upload endpoint and the uploaded content directory.

Description

EZPX My Photoblog 1.2 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/10691

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in EZPX My photoblog 1.2-beta, allowing attackers to upload malicious files (e.g., shells) via the admin photo upload endpoint. The exploit provides direct paths to the vulnerable upload endpoint and the uploaded content directory.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: EZPX My photoblog 1.2-beta

Auth required

Prerequisites: Access to the admin interface · Valid credentials for authentication

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026