Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-107371. PoCs published by JaL0h.
AI-analyzed exploit summary
This writeup details a remote file upload vulnerability in Geeklog <= v1.6.0sr2, where the image upload process fails to validate the MIME type, allowing arbitrary file uploads (e.g., JavaScript or PHP) with spoofed extensions. It also describes potential abuse scenarios, including XSS and cookie theft leading to privilege escalation.
Description
Geeklog 1.6.0sr2 - Arbitrary File Upload