EIP-2026-107217

PRE-CVE

Free Monthly Websites 2.0 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107217. PoCs published by X-Cisadane.

AI-analyzed exploit summary This advisory details multiple vulnerabilities in Free Monthly Websites v2.0, including an authentication bypass via manipulation of the 'do_type' parameter and an unauthorized file upload leading to remote code execution. The analysis includes technical steps, code snippets, and proof-of-concept instructions.

Description

Free Monthly Websites 2.0 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by X-Cisadane · textwebappsphp

https://www.exploit-db.com/exploits/24454

View Code ZIP pw:eip

This advisory details multiple vulnerabilities in Free Monthly Websites v2.0, including an authentication bypass via manipulation of the 'do_type' parameter and an unauthorized file upload leading to remote code execution. The analysis includes technical steps, code snippets, and proof-of-concept instructions.

Classification

Writeup 95%

Attack Type

Auth Bypass | Rce

Complexity

Moderate

Reliability

Reliable

Target: Free Monthly Websites v2.0

No auth needed

Prerequisites: Access to the admin login page · Ability to intercept/modify HTTP requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026