EIP-2026-110698

PRE-CVE

PHP File Uploader - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110698. PoCs published by indoushka.

AI-analyzed exploit summary This is a vulnerability writeup describing an arbitrary file upload vulnerability in PHP File Uploader. The application fails to restrict file types, allowing attackers to upload and execute arbitrary code on the server.

Description

PHP File Uploader - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by indoushka · textwebappsphp

https://www.exploit-db.com/exploits/33986

View Code ZIP pw:eip

This is a vulnerability writeup describing an arbitrary file upload vulnerability in PHP File Uploader. The application fails to restrict file types, allowing attackers to upload and execute arbitrary code on the server.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PHP File Uploader (version not specified)

No auth needed

Prerequisites: Access to the file upload functionality

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026