EIP-2026-113374
PRE-CVEWebtareas 2.1p - Arbitrary File Upload (Authenticated)
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-113374. PoCs published by AppleBois.
AI-analyzed exploit summary This exploit demonstrates an authenticated arbitrary file upload vulnerability in Webtareas 2.1p, allowing users to upload malicious files (e.g., .shtml) to the server. The HTTP request bypasses file extension restrictions by manipulating form-data parameters.
Description
Webtareas 2.1p - Arbitrary File Upload (Authenticated)
Exploits (1)
exploitdb
WORKING POC
by AppleBois · textwebappsphp
https://www.exploit-db.com/exploits/48709
This exploit demonstrates an authenticated arbitrary file upload vulnerability in Webtareas 2.1p, allowing users to upload malicious files (e.g., .shtml) to the server. The HTTP request bypasses file extension restrictions by manipulating form-data parameters.
Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:
Webtareas 2.1 and 2.1p
Auth required
Prerequisites:
Authenticated session · Access to the file upload endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026