EIP-2026-110022

PRE-CVE

OemPro 3.6.4 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110022. PoCs published by Ignacio Garrido.

AI-analyzed exploit summary This document details multiple vulnerabilities in OemPro v3.6.4, including path disclosure, file upload vulnerabilities via FCKEditor, and SQL injection flaws. It provides technical details such as vulnerable endpoints, code snippets, and exploitation methods.

Description

OemPro 3.6.4 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Ignacio Garrido · textwebappsphp

https://www.exploit-db.com/exploits/16106

View Code ZIP pw:eip

This document details multiple vulnerabilities in OemPro v3.6.4, including path disclosure, file upload vulnerabilities via FCKEditor, and SQL injection flaws. It provides technical details such as vulnerable endpoints, code snippets, and exploitation methods.

Classification

Writeup 90%

Attack Type

Sqli | Info Leak | Other

Complexity

Moderate

Reliability

Reliable

Target: OemPro v3.6.4 and prior

No auth needed

Prerequisites: Access to vulnerable endpoints · Ability to craft malicious HTTP requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026