EIP-2026-110384
PRE-CVEosCommerce Online Merchant 2.2 - Arbitrary File Upload
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-110384. PoCs published by MasterGipy.
AI-analyzed exploit summary This exploit demonstrates a remote file upload vulnerability in Oscommerce Online Merchant v2.2 via the `/admin/file_manager.php` endpoint. It provides HTML forms to upload arbitrary files and create new files with custom content, enabling remote code execution (RCE) if a shell is uploaded.
Description
osCommerce Online Merchant 2.2 - Arbitrary File Upload
Exploits (1)
This exploit demonstrates a remote file upload vulnerability in Oscommerce Online Merchant v2.2 via the `/admin/file_manager.php` endpoint. It provides HTML forms to upload arbitrary files and create new files with custom content, enabling remote code execution (RCE) if a shell is uploaded.