EIP-2026-111386

PRE-CVE

PodHawk 1.85 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111386. PoCs published by CWH Underground.

AI-analyzed exploit summary This is a technical writeup describing an unrestricted file upload vulnerability in PodHawk 1.85, allowing authenticated users to upload arbitrary files leading to remote code execution. The vulnerability is located in the uploadify.php file, where insufficient validation allows malicious file uploads.

Description

PodHawk 1.85 - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by CWH Underground · textwebappsphp

https://www.exploit-db.com/exploits/26414

View Code ZIP pw:eip

This is a technical writeup describing an unrestricted file upload vulnerability in PodHawk 1.85, allowing authenticated users to upload arbitrary files leading to remote code execution. The vulnerability is located in the uploadify.php file, where insufficient validation allows malicious file uploads.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PodHawk 1.85

Auth required

Prerequisites: Authenticated user access (Administrator or User role) · Access to the upload feature via the record1 page

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505 - Server Software Component

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026