EIP-2026-109204

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109204. PoCs published by Ihsan Sencan.

AI-analyzed exploit summary The exploit describes an arbitrary file upload vulnerability in Login-Reg Members Management PHP 1.0, where the application fails to validate file types during profile picture uploads, allowing attackers to upload malicious files. The proof of concept outlines the vulnerable code path and demonstrates how an attacker can exploit this to achieve remote code execution.

Description

Login-Reg Members Management PHP 1.0 - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by Ihsan Sencan · textwebappsphp

https://www.exploit-db.com/exploits/42575

View Code ZIP pw:eip

The exploit describes an arbitrary file upload vulnerability in Login-Reg Members Management PHP 1.0, where the application fails to validate file types during profile picture uploads, allowing attackers to upload malicious files. The proof of concept outlines the vulnerable code path and demonstrates how an attacker can exploit this to achieve remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Login-Reg Members Management PHP 1.0

No auth needed

Prerequisites: Access to the signup.php page · Ability to upload files

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Login-Reg Members Management PHP 1.0 - Arbitrary File Upload

Exploitation Summary

Description

Exploits (1)

Details