Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-109019. PoCs published by Xr0b0t.
AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Kleophatra 0.1.4, allowing attackers to upload malicious PHP files via the avatar upload functionality. The vulnerability stems from insufficient file extension validation.
Description
Kleophatra 0.1.4 - Arbitrary File Upload
Exploits (1)
exploitdb
WRITEUP
by Xr0b0t · textwebappsphp
https://www.exploit-db.com/exploits/17005
This is a writeup describing an arbitrary file upload vulnerability in Kleophatra 0.1.4, allowing attackers to upload malicious PHP files via the avatar upload functionality. The vulnerability stems from insufficient file extension validation.
Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
Kleophatra 0.1.4
Auth required
Prerequisites:
Access to a vulnerable Kleophatra installation · User registration on the target site
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026