EIP-2026-107347

PRE-CVE

Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107347. PoCs published by Luca Bernardi.

AI-analyzed exploit summary This exploit demonstrates SQL injection to bypass authentication and arbitrary file upload to achieve remote code execution (RCE) in Garbage Collection Management System 1.0. It creates an admin user and uploads a PHP web shell for command execution.

Description

Garbage Collection Management System 1.0 - SQL Injection + Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by Luca Bernardi · pythonwebappsphp

https://www.exploit-db.com/exploits/50123

View Code ZIP pw:eip

This exploit demonstrates SQL injection to bypass authentication and arbitrary file upload to achieve remote code execution (RCE) in Garbage Collection Management System 1.0. It creates an admin user and uploads a PHP web shell for command execution.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: Garbage Collection Management System 1.0

No auth needed

Prerequisites: Network access to the target application · PHP file upload functionality enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026