EIP-2026-112399

PRE-CVE

Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112399. PoCs published by Stack.

AI-analyzed exploit summary This exploit demonstrates an arbitrary file upload vulnerability in Sports Clubs Web Panel 0.0.1, allowing attackers to upload malicious PHP files via the 'Add Ground' function. The exploit leverages a misconfiguration where the 'grounds' directory must be manually created by the admin, enabling unauthenticated file uploads.

Description

Sports Clubs Web Panel 0.0.1 - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Stack · textwebappsphp

https://www.exploit-db.com/exploits/6439

View Code ZIP pw:eip

This exploit demonstrates an arbitrary file upload vulnerability in Sports Clubs Web Panel 0.0.1, allowing attackers to upload malicious PHP files via the 'Add Ground' function. The exploit leverages a misconfiguration where the 'grounds' directory must be manually created by the admin, enabling unauthenticated file uploads.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Sports Clubs Web Panel 0.0.1

No auth needed

Prerequisites: Admin must create the 'grounds' directory in the public directory

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026