EIP-2026-112643

PRE-CVE

The Uploader 2.0 - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112643. PoCs published by Master Mind.

AI-analyzed exploit summary This is a writeup describing an arbitrary file upload vulnerability in 'The Uploader 2.0' PHP script, allowing attackers to upload malicious files (e.g., shells) to achieve remote code execution (RCE). The exploit lacks actual code but provides a high-level description of the attack vector.

Description

The Uploader 2.0 - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by Master Mind · textwebappsphp

https://www.exploit-db.com/exploits/10594

View Code ZIP pw:eip

This is a writeup describing an arbitrary file upload vulnerability in 'The Uploader 2.0' PHP script, allowing attackers to upload malicious files (e.g., shells) to achieve remote code execution (RCE). The exploit lacks actual code but provides a high-level description of the attack vector.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: The Uploader 2.0

No auth needed

Prerequisites: access to the upload functionality · ability to craft a malicious file

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026