EIP-2026-112290

PRE-CVE

Social Engine 4.x (Music Plugin) - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112290. PoCs published by MyDoom.

AI-analyzed exploit summary This is a technical writeup describing an arbitrary file upload vulnerability in Social Engine 4.x's Music Plugin. The vulnerability arises from insufficient file type validation, allowing attackers to upload malicious files (e.g., PHP shells) by bypassing the client-side filter.

Description

Social Engine 4.x (Music Plugin) - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by MyDoom · textwebappsphp

https://www.exploit-db.com/exploits/15830

View Code ZIP pw:eip

This is a technical writeup describing an arbitrary file upload vulnerability in Social Engine 4.x's Music Plugin. The vulnerability arises from insufficient file type validation, allowing attackers to upload malicious files (e.g., PHP shells) by bypassing the client-side filter.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Social Engine 4.x (Music Plugin)

Auth required

Prerequisites: Access to a vulnerable Social Engine instance · User account registration · Music Plugin enabled

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026