EIP-2026-112511

PRE-CVE

SweetRice < 0.6.4 - 'FCKeditor' Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112511. PoCs published by ITSecTeam.

AI-analyzed exploit summary This is a technical writeup describing an unauthenticated file upload vulnerability in SweetRice CMS versions prior to 0.6.4. The vulnerability exists due to misconfigured file extension restrictions in the FCKeditor plugin, allowing remote attackers to upload files with predefined extensions without authentication.

Description

SweetRice < 0.6.4 - 'FCKeditor' Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by ITSecTeam · textwebappsphp

https://www.exploit-db.com/exploits/14184

View Code ZIP pw:eip

This is a technical writeup describing an unauthenticated file upload vulnerability in SweetRice CMS versions prior to 0.6.4. The vulnerability exists due to misconfigured file extension restrictions in the FCKeditor plugin, allowing remote attackers to upload files with predefined extensions without authentication.

Classification

Writeup 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: SweetRice CMS < 0.6.4

No auth needed

Prerequisites: Access to the target web application · FCKeditor plugin enabled

MITRE ATT&CK

T1132 - Data Encoding T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026