EIP-2026-112687
PRE-CVETime and Expense Management System - Multiple Vulnerabilities
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-112687. PoCs published by AutoSec Tools.
AI-analyzed exploit summary The exploit demonstrates a command injection vulnerability in Time and Expense Management System (TEMS) via a crafted multipart/form-data request to BackupData.php, allowing arbitrary command execution (e.g., launching calc.exe). It also includes a separate PoC for arbitrary file upload via Edit.php, enabling PHP shell deployment.
Description
Time and Expense Management System - Multiple Vulnerabilities
Exploits (1)
The exploit demonstrates a command injection vulnerability in Time and Expense Management System (TEMS) via a crafted multipart/form-data request to BackupData.php, allowing arbitrary command execution (e.g., launching calc.exe). It also includes a separate PoC for arbitrary file upload via Edit.php, enabling PHP shell deployment.