EIP-2026-113065

PRE-CVE

Viart Shopping Cart 5.0 - Cross-Site Request Forgery / Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-113065. PoCs published by Ali Ghanbari.

AI-analyzed exploit summary This is a functional CSRF exploit for Viart Shopping Cart 5.0 that uploads a shell via a crafted multipart/form-data POST request. The exploit leverages missing CSRF protection and directory traversal to place a PHP shell in the images directory.

Description

Viart Shopping Cart 5.0 - Cross-Site Request Forgery / Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC

by Ali Ghanbari · htmlwebappsphp

https://www.exploit-db.com/exploits/39932

View Code ZIP pw:eip

This is a functional CSRF exploit for Viart Shopping Cart 5.0 that uploads a shell via a crafted multipart/form-data POST request. The exploit leverages missing CSRF protection and directory traversal to place a PHP shell in the images directory.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Viart Shopping Cart 5.0

Auth required

Prerequisites: Admin session active in the victim's browser · Victim must visit the malicious page

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026