EIP-2026-107144

PRE-CVE

Flax Article Manager 1.1 - Remote PHP Script Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107144. PoCs published by S.W.A.T..

AI-analyzed exploit summary This exploit details a remote file upload vulnerability in Flax Article Manager 1.1, allowing authenticated users to upload malicious PHP files disguised as avatar images, leading to remote code execution.

Description

Flax Article Manager 1.1 - Remote PHP Script Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by S.W.A.T. · textwebappsphp

https://www.exploit-db.com/exploits/7884

View Code ZIP pw:eip

This exploit details a remote file upload vulnerability in Flax Article Manager 1.1, allowing authenticated users to upload malicious PHP files disguised as avatar images, leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Flax Article Manager v1.1

Auth required

Prerequisites: Valid user account on the target system · Access to the registration or profile edit page

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026