EIP-2026-110339

PRE-CVE

Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110339. PoCs published by SirGod.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Orbis CMS 1.0, including arbitrary file download, arbitrary file deletion, SQL injection, and arbitrary shell upload. The PoC provides clear examples of how to exploit these vulnerabilities without requiring authentication for some of them.

Description

Orbis CMS 1.0 - File Delete / Download File / Arbitrary File Upload / SQL Injection

Exploits (1)

exploitdb WORKING POC VERIFIED

by SirGod · textwebappsphp

https://www.exploit-db.com/exploits/9309

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Orbis CMS 1.0, including arbitrary file download, arbitrary file deletion, SQL injection, and arbitrary shell upload. The PoC provides clear examples of how to exploit these vulnerabilities without requiring authentication for some of them.

Classification

Working Poc 95%

Attack Type

Info Leak | Sqli | Other

Complexity

Trivial

Reliability

Reliable

Target: Orbis CMS 1.0

No auth needed

Prerequisites: Access to the target web application · For SQLi and shell upload, valid credentials may be required

MITRE ATT&CK

T1005 - Data from Local System T1190 - Exploit Public-Facing Application T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026