EIP-2026-107371

PRE-CVE

Geeklog 1.6.0sr2 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107371. PoCs published by JaL0h.

AI-analyzed exploit summary: This writeup details a remote file upload vulnerability in Geeklog <= v1.6.0sr2, where the image upload process fails to validate the MIME type, allowing arbitrary file uploads (e.g., JavaScript or PHP) with spoofed extensions. It also describes potential abuse scenarios, including XSS and cookie theft leading to privilege escalation.

Description

Geeklog 1.6.0sr2 - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED
by JaL0h · text · webapps · php
https://www.exploit-db.com/exploits/9855


Classification
Writeup 90%
Attack Type: XSS
Complexity: Moderate
Reliability: Reliable
Target: Geeklog <= v1.6.0sr2
Auth required
Prerequisites: User account creation · Browser with MIME type spoofing capability (e.g., Firefox)
mistral-large-3 · analyzed Feb 18, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026