EIP-2026-109552

PRE-CVE

MonAlbum 0.87 - Arbitrary File Upload / Password Grabber

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109552. PoCs published by v0l4arrra.

AI-analyzed exploit summary: This Perl script exploits an arbitrary file upload vulnerability in the 'monalbum' web application to achieve remote code execution. It retrieves admin credentials from the configuration page, logs in, and uploads a malicious PHP shell disguised as an image file.

Description

MonAlbum 0.87 - Arbitrary File Upload / Password Grabber

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by v0l4arrra · perl · webapps · php
https://www.exploit-db.com/exploits/4714

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: monalbum (version unspecified)
Auth required
Prerequisites: Access to the admin login page · Valid admin credentials or ability to extract them from the configuration page
devstral-2 · analyzed Feb 16, 2026

Details

Status: pre_cve
Tracked Since: Feb 18, 2026