EIP-2026-114291

PRE-CVE

WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114291. PoCs published by Ashiyane Digital Security Team.

AI-analyzed exploit summary The provided text describes an arbitrary file-upload vulnerability in the Zarzadzonie Kontem WordPress plugin, which fails to validate uploaded files, potentially leading to remote code execution. The exploit path is specified, but no functional code is included.

Description

WordPress Plugin Zarzadzonie Kontem - 'ajaxfilemanager.php' Script Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ashiyane Digital Security Team · textwebappsphp

https://www.exploit-db.com/exploits/38050

View Code ZIP pw:eip

The provided text describes an arbitrary file-upload vulnerability in the Zarzadzonie Kontem WordPress plugin, which fails to validate uploaded files, potentially leading to remote code execution. The exploit path is specified, but no functional code is included.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Zarzadzonie Kontem WordPress plugin

No auth needed

Prerequisites: Access to the vulnerable plugin endpoint

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026