EIP-2026-110338

PRE-CVE

Orangescrum 1.6.1 - Multiple Vulnerabilities

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110338. PoCs published by tomplixsee.

AI-analyzed exploit summary The exploit details multiple vulnerabilities in Orangescrum 1.6.1, including arbitrary file upload, SQL injection, stored XSS, and arbitrary file copy. It provides clear steps and examples for exploitation, including code snippets for SQL injection and XSS.

Description

Orangescrum 1.6.1 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC
by tomplixsee · textwebappsphp
https://www.exploit-db.com/exploits/42330

The exploit details multiple vulnerabilities in Orangescrum 1.6.1, including arbitrary file upload, SQL injection, stored XSS, and arbitrary file copy. It provides clear steps and examples for exploitation, including code snippets for SQL injection and XSS.

Classification
Working Poc 90%
Attack Type
Sqli | Xss | Other
Complexity
Trivial
Reliability
Reliable
Target: Orangescrum 1.6.1
Auth required
Prerequisites: Valid credentials for Orangescrum 1.6.1 · Access to the target application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026