EIP-2026-112685

PRE-CVE

Tilde CMS 1.01 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-112685. PoCs published by Raffaele Forte.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in Tilde CMS 1.01, including SQL injection, path traversal, arbitrary file upload, and insecure direct object references. It provides code snippets, exploitation techniques, and affected components.

Description

Tilde CMS 1.01 - Multiple Vulnerabilities

Exploits (1)

exploitdb WRITEUP

by Raffaele Forte · textwebappsphp

https://www.exploit-db.com/exploits/42348

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in Tilde CMS 1.01, including SQL injection, path traversal, arbitrary file upload, and insecure direct object references. It provides code snippets, exploitation techniques, and affected components.

Classification

Writeup 100%

Attack Type

Sqli | Info Leak | Auth Bypass | Other

Complexity

Moderate

Reliability

Reliable

Target: Tilde CMS 1.01

No auth needed

Prerequisites: Access to the web application · Valid table name for SQLi exploitation

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026