EIP-2026-110194

PRE-CVE

Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110194. PoCs published by snup.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated remote code execution (RCE) vulnerability in Online Traffic Offense Management System 1.0 via arbitrary file upload. The PoC shows how an attacker can upload a malicious PHP file disguised as an image, which is then executed on the server.

Description

Online Traffic Offense Management System 1.0 - Multiple RCE (Unauthenticated)

Exploits (1)

exploitdb WORKING POC

by snup · textwebappsphp

https://www.exploit-db.com/exploits/50389

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated remote code execution (RCE) vulnerability in Online Traffic Offense Management System 1.0 via arbitrary file upload. The PoC shows how an attacker can upload a malicious PHP file disguised as an image, which is then executed on the server.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Online Traffic Offense Management System 1.0

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026