EIP-2026-110998

PRE-CVE

Phpbuddies - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-110998. PoCs published by Xr0b0t.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Phpbuddies CMS, allowing attackers to upload malicious PHP files by bypassing extension checks. The PoC outlines steps to exploit the vulnerability via the profile photo upload feature.

Description

Phpbuddies - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by Xr0b0t · textwebappsphp

https://www.exploit-db.com/exploits/17007

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Phpbuddies CMS, allowing attackers to upload malicious PHP files by bypassing extension checks. The PoC outlines steps to exploit the vulnerability via the profile photo upload feature.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Phpbuddies CMS (version not specified)

Auth required

Prerequisites: Access to a vulnerable Phpbuddies CMS instance · User registration on the target site

MITRE ATT&CK

T1105 - Ingress Tool Transfer

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026