EIP-2026-112054

PRE-CVE

SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112054. PoCs published by Sammy FORGIT.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Pixlr Image Editor 1.0.4, allowing attackers to upload and execute malicious PHP files on the server. The PoC uses cURL to send a crafted POST request to the vulnerable upload endpoint.

Description

SilverStripe CMS Pixlr Image Editor - 'upload.php' Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sammy FORGIT · textwebappsphp

https://www.exploit-db.com/exploits/37451

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Pixlr Image Editor 1.0.4, allowing attackers to upload and execute malicious PHP files on the server. The PoC uses cURL to send a crafted POST request to the vulnerable upload endpoint.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Pixlr Image Editor 1.0.4

No auth needed

Prerequisites: Access to the vulnerable upload endpoint · Ability to send HTTP POST requests

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026