EIP-2026-110927

PRE-CVE

PHPAuctionSystem - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110927. PoCs published by Sid3^effects.

AI-analyzed exploit summary The document describes an upload vulnerability in PHPAuctionSystem where an attacker can inject malicious code into the item description field during the 'sell an item' process, leading to arbitrary code execution. The steps outline a stored XSS or file upload attack vector, but no functional exploit code is provided.

Description

PHPAuctionSystem - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by Sid3^effects · textwebappsphp

https://www.exploit-db.com/exploits/13892

View Code ZIP pw:eip

The document describes an upload vulnerability in PHPAuctionSystem where an attacker can inject malicious code into the item description field during the 'sell an item' process, leading to arbitrary code execution. The steps outline a stored XSS or file upload attack vector, but no functional exploit code is provided.

Classification

Writeup 80%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: PHPAuctionSystem (version unspecified)

Auth required

Prerequisites: Registered user account · Access to 'sell an item' feature

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026