EIP-2026-114585

PRE-CVE

ZeeMatri 3.x - Arbitrary File Upload

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-114585. PoCs published by SONIC.

AI-analyzed exploit summary This is a technical writeup describing an arbitrary file upload vulnerability in ZeeMatri v3x. The vulnerability allows attackers to upload malicious files disguised as images via the 'uploadsnaps.php' endpoint, potentially leading to remote code execution.

Description

ZeeMatri 3.x - Arbitrary File Upload

Exploits (1)

exploitdb WRITEUP

by SONIC · textwebappsphp

https://www.exploit-db.com/exploits/14445

View Code ZIP pw:eip

This is a technical writeup describing an arbitrary file upload vulnerability in ZeeMatri v3x. The vulnerability allows attackers to upload malicious files disguised as images via the 'uploadsnaps.php' endpoint, potentially leading to remote code execution.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: ZeeMatri v3x

No auth needed

Prerequisites: Access to the vulnerable endpoint '/uploadsnaps.php' · Ability to craft and upload a malicious file

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026