EIP-2026-109361

PRE-CVE

Maximus CMS 1.1.2 - 'FCKeditor' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109361. PoCs published by eidelweiss.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in Maximus CMS 1.1.2 via the FCKeditor component. It explains how to exploit the vulnerability to upload malicious files, including remote shells, due to improper file extension checks.

Description

Maximus CMS 1.1.2 - 'FCKeditor' Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by eidelweiss · textwebappsphp

https://www.exploit-db.com/exploits/15960

View Code ZIP pw:eip

This is a writeup describing an arbitrary file upload vulnerability in Maximus CMS 1.1.2 via the FCKeditor component. It explains how to exploit the vulnerability to upload malicious files, including remote shells, due to improper file extension checks.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Maximus CMS 1.1.2

No auth needed

Prerequisites: Access to the FCKeditor upload functionality

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026