EIP-2026-109783

PRE-CVE

MyRoom 3.5 GOLD - 'save_item.php' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-109783. PoCs published by frog.

AI-analyzed exploit summary The exploit demonstrates an arbitrary file upload vulnerability in MyRoom due to inadequate security checks in PHP scripts. By manipulating the 'photo' parameter, an attacker can upload files to unintended locations, potentially leading to remote code execution.

Description

MyRoom 3.5 GOLD - 'save_item.php' Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by frog · textwebappsphp

https://www.exploit-db.com/exploits/22186

View Code ZIP pw:eip

The exploit demonstrates an arbitrary file upload vulnerability in MyRoom due to inadequate security checks in PHP scripts. By manipulating the 'photo' parameter, an attacker can upload files to unintended locations, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: MyRoom (version unspecified)

No auth needed

Prerequisites: Network access to the vulnerable MyRoom instance

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026