EIP-2026-112111

PRE-CVE

Simple Machines Forum (SMF) 1.1.15 - 'fckeditor' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112111. PoCs published by HELLBOY.

AI-analyzed exploit summary The provided text describes an arbitrary file upload vulnerability in Simple Machines Forum 1.1.15, allowing attackers to execute arbitrary code by exploiting improper input sanitization in the FCKeditor component. The exploit path is provided, but no functional code is included.

Description

Simple Machines Forum (SMF) 1.1.15 - 'fckeditor' Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by HELLBOY · textwebappsphp

https://www.exploit-db.com/exploits/36410

View Code ZIP pw:eip

The provided text describes an arbitrary file upload vulnerability in Simple Machines Forum 1.1.15, allowing attackers to execute arbitrary code by exploiting improper input sanitization in the FCKeditor component. The exploit path is provided, but no functional code is included.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Simple Machines Forum 1.1.15

No auth needed

Prerequisites: Access to the FCKeditor file manager interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026