EIP-2026-111720

PRE-CVE

Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111720. PoCs published by Milos Zivanovic.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in Recipe Script v5.0, including shell upload, XSRF, and XSS. It provides detailed steps and PoC code for exploiting these vulnerabilities.

Description

Recipe Script 5.0 - Arbitrary File Upload / Cross-Site Request Forgery / Cross-Site Scripting

Exploits (1)

exploitdb WORKING POC VERIFIED

by Milos Zivanovic · textwebappsphp

https://www.exploit-db.com/exploits/10472

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in Recipe Script v5.0, including shell upload, XSRF, and XSS. It provides detailed steps and PoC code for exploiting these vulnerabilities.

Classification

Working Poc 90%

Attack Type

Xss | Auth Bypass | Other

Complexity

Trivial

Reliability

Reliable

Target: Recipe Script v5.0

Auth required

Prerequisites: Access to the admin panel · User interaction for XSRF

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026