EIP-2026-109191

PRE-CVE

Lizard Cart - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109191. PoCs published by indoushka.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Lizard Cart. It lists paths where the upload functionality can be accessed and where the uploaded shell can be found, but does not include actual exploit code.

Description

Lizard Cart - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/10695

View Code ZIP pw:eip

This is a writeup describing an arbitrary file upload vulnerability in Lizard Cart. It lists paths where the upload functionality can be accessed and where the uploaded shell can be found, but does not include actual exploit code.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Lizard Cart (2tone Web Design)

No auth needed

Prerequisites: access to the admin/jscript/upload.php or related endpoints

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026