EIP-2026-112651

PRE-CVE

Thelia 1.3.5 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112651. PoCs published by BlackH.

AI-analyzed exploit summary This PHP script exploits multiple vulnerabilities in Thelia 1.3.5, including command validation bypass, remote code execution via file upload, and arbitrary file upload. It uses a custom HTTP client class to interact with the target application.

Description

Thelia 1.3.5 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC VERIFIED

by BlackH · phpwebappsphp

https://www.exploit-db.com/exploits/6006

View Code ZIP pw:eip

This PHP script exploits multiple vulnerabilities in Thelia 1.3.5, including command validation bypass, remote code execution via file upload, and arbitrary file upload. It uses a custom HTTP client class to interact with the target application.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Thelia 1.3.5

Auth required

Prerequisites: Access to admin interface · Valid command number or rubrique ID · Writable /client/ directory

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026