EIP-2026-107133

PRE-CVE

Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107133. PoCs published by girex.

AI-analyzed exploit summary This writeup describes multiple local file inclusion vulnerabilities and a file upload bypass in Flatnux CMS. The upload bypass allows .phtml files to be uploaded, which may be executed as PHP depending on server configuration. Authentication is required for exploitation.

Description

Flatnux 2009-03-27 - Arbitrary File Upload / Information Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED

by girex · textwebappsphp

https://www.exploit-db.com/exploits/8483

View Code ZIP pw:eip

This writeup describes multiple local file inclusion vulnerabilities and a file upload bypass in Flatnux CMS. The upload bypass allows .phtml files to be uploaded, which may be executed as PHP depending on server configuration. Authentication is required for exploitation.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Flatnux CMS (version 2009-03-27)

Auth required

Prerequisites: Valid credentials for authentication · Server configuration allowing .phtml execution or LFI exploitation

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1205 - Traffic Signaling

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026