EIP-2026-110389

PRE-CVE

osCSS 1.2.1 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110389. PoCs published by indoushka.

AI-analyzed exploit summary This exploit demonstrates a remote file upload vulnerability in osCSS 1.2.1, allowing an attacker to upload and execute arbitrary files via the file manager. The PoC provides HTML forms to upload files and create new files with arbitrary content.

Description

osCSS 1.2.1 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/12856

View Code ZIP pw:eip

This exploit demonstrates a remote file upload vulnerability in osCSS 1.2.1, allowing an attacker to upload and execute arbitrary files via the file manager. The PoC provides HTML forms to upload files and create new files with arbitrary content.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: osCSS 1.2.1

No auth needed

Prerequisites: Access to the admin/file_manager.php endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026