EIP-2026-114556

PRE-CVE

YUI Images Script - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114556. PoCs published by Mr.P3rfekT.

AI-analyzed exploit summary This exploit demonstrates a file upload vulnerability in YUI Images Script, allowing an attacker to upload a malicious PHP file disguised as an image (e.g., .php.giff) and achieve remote code execution (RCE). The exploit is trivial, requiring no authentication, and relies on the server misinterpreting the file extension.

Description

YUI Images Script - Arbitrary File Upload

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mr.P3rfekT · textwebappsphp

https://www.exploit-db.com/exploits/12227

View Code ZIP pw:eip

This exploit demonstrates a file upload vulnerability in YUI Images Script, allowing an attacker to upload a malicious PHP file disguised as an image (e.g., .php.giff) and achieve remote code execution (RCE). The exploit is trivial, requiring no authentication, and relies on the server misinterpreting the file extension.

Classification

Working Poc 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: YUI Images Script 1.0

No auth needed

Prerequisites: Access to the upload endpoint · Server misconfiguration allowing execution of uploaded files

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026