EIP-2026-111737

PRE-CVE

Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-111737. PoCs published by RedTeam Pentesting GmbH.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated file upload vulnerability in Relay Ajax Directory Manager, allowing arbitrary file uploads leading to remote command execution via PHP scripts. The PoC includes curl commands to upload and execute a PHP file containing `phpinfo()`.

Description

Relay Ajax Directory Manager relayb01-071706/1.5.1/1.5.3 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by RedTeam Pentesting GmbH · textwebappsphp

https://www.exploit-db.com/exploits/39881

View Code ZIP pw:eip

This exploit demonstrates an unauthenticated file upload vulnerability in Relay Ajax Directory Manager, allowing arbitrary file uploads leading to remote command execution via PHP scripts. The PoC includes curl commands to upload and execute a PHP file containing `phpinfo()`.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Relay Ajax Directory Manager (versions relayb01-071706, 1.5.1, 1.5.3)

No auth needed

Prerequisites: Access to the target web server · Web server configured to execute PHP files in the upload directory

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026