EIP-2026-112030

PRE-CVE

Shopping Portal ProVersion 3.0 - Authentication Bypass

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112030. PoCs published by Metin Yunus Kandemir.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass via SQL injection in the admin panel, followed by unauthenticated file upload leading to remote command execution. It automates the process of logging in, uploading a malicious PHP file, locating it, and executing arbitrary commands.

Description

Shopping Portal ProVersion 3.0 - Authentication Bypass

Exploits (1)

exploitdb WORKING POC VERIFIED

by Metin Yunus Kandemir · pythonwebappsphp

https://www.exploit-db.com/exploits/47834

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass via SQL injection in the admin panel, followed by unauthenticated file upload leading to remote command execution. It automates the process of logging in, uploading a malicious PHP file, locating it, and executing arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Shopping Portal Pro Version 3.0

No auth needed

Prerequisites: Target must be running Shopping Portal Pro Version 3.0 · Admin panel must be accessible · File upload functionality must be enabled

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505 - Server Software Component T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026