EIP-2026-107652

PRE-CVE

Hotel Management System 1.0 - Remote Code Execution (Authenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-107652. PoCs published by Aporlorxl23.

AI-analyzed exploit summary This exploit demonstrates an authenticated remote code execution (RCE) vulnerability in Hotel Management System 1.0 by leveraging SQL injection for authentication bypass and file upload to execute arbitrary PHP code.

Description

Hotel Management System 1.0 - Remote Code Execution (Authenticated)

Exploits (1)

exploitdb WORKING POC

by Aporlorxl23 · pythonwebappsphp

https://www.exploit-db.com/exploits/48888

View Code ZIP pw:eip

This exploit demonstrates an authenticated remote code execution (RCE) vulnerability in Hotel Management System 1.0 by leveraging SQL injection for authentication bypass and file upload to execute arbitrary PHP code.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Hotel Management System 1.0

Auth required

Prerequisites: Target application accessible · File upload functionality enabled · SQL injection vulnerability in login

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026