EIP-2026-119148

PRE-CVE

Small HTTP Server 3.05.28 - Arbitrary Data Execution

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-119148. PoCs published by basher13.

AI-analyzed exploit summary This Perl script exploits an arbitrary file write vulnerability in sHTTP FTPServer to deface the homepage. It authenticates with default credentials, retrieves the FTP configuration, backs up the original index.htm, and replaces it with attacker-controlled content.

Description

Small HTTP Server 3.05.28 - Arbitrary Data Execution

Exploits (1)

exploitdb WORKING POC VERIFIED

by basher13 · perlremotewindows

https://www.exploit-db.com/exploits/1108

View Code ZIP pw:eip

This Perl script exploits an arbitrary file write vulnerability in sHTTP FTPServer to deface the homepage. It authenticates with default credentials, retrieves the FTP configuration, backs up the original index.htm, and replaces it with attacker-controlled content.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: sHTTP FTPServer 3.05.28

Auth required

Prerequisites: Network access to the FTP server · Default or known credentials

MITRE ATT&CK

T1059 - Command and Scripting Interpreter T1505.003 - Web Shell

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026