EIP-2026-109013

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109013. PoCs published by Efrén Díaz.

AI-analyzed exploit summary This PHP script exploits an arbitrary file upload vulnerability in KingMedia CMS versions 1.x to 4.1 by uploading a malicious file via a crafted POST request. The exploit uses cURL to send the file and extracts the uploaded file path from the response.

Description

KingMedia 4.1 - File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Efrén Díaz · phpwebappsphp

https://www.exploit-db.com/exploits/45237

View Code ZIP pw:eip

This PHP script exploits an arbitrary file upload vulnerability in KingMedia CMS versions 1.x to 4.1 by uploading a malicious file via a crafted POST request. The exploit uses cURL to send the file and extracts the uploaded file path from the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: KingMedia CMS versions 1.x, 2.x, 3.x, 4.1

No auth needed

Prerequisites: Target URL · Malicious file to upload

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

KingMedia 4.1 - File Upload

Exploitation Summary

Description

Exploits (1)

Details