EIP-2026-107202

PRE-CVE

fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107202. PoCs published by YEnH4ckEr.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in FOWLCMS 1.1, including authentication bypass via SQL injection, shell upload, and local file inclusion (LFI). The PoC provides clear steps to exploit these vulnerabilities, including SQLi payloads and file paths for LFI.

Description

fowlcms 1.1 - Authentication Bypass / Local File Inclusion / Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED
by YEnH4ckEr · textwebappsphp
https://www.exploit-db.com/exploits/8521

This exploit demonstrates multiple vulnerabilities in FOWLCMS 1.1, including authentication bypass via SQL injection, shell upload, and local file inclusion (LFI). The PoC provides clear steps to exploit these vulnerabilities, including SQLi payloads and file paths for LFI.

Classification
Working Poc 90%
Attack Type
Sqli | Auth Bypass | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: FOWLCMS 1.1
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026