Vulnerability Report

CVE-2026-39292

RCE

Title: Unrestricted File Upload leading to RCE in PHPPageBuilder

RCE

Proof Of Concept

PoC Available for CVE-2026-39292

CWE Category NVD-CWE-noinfo

Published Date May 29, 2026

Modified Date Jun 01, 2026

Exploit Status Available

Score 7.3 CVSS v

Exploit Probability (EPSS)

0.47%

Vulnerability Summary

CVE-2026-39292: Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types and executable content.

Impacted Vendors

Analysis in Progress...

Reference Links

https://github.com/HansSchouten/PHPageBuilder https://github.com/krishnadevpmelevila/CVE-2026-39292/tree/main

CVSS v3.1

Source Entity 134c704f-9b21-4f2e-91b3-4a467353bcc0

Severity HIGH

7.3

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2026-39292 Exploits & PoCs (Proof Of Concept)

GitHub https://github.com/krishnadevpmelevila/CVE-2026-39292

View Code

June 01, 2026 MODIFIED

Vulnerability data updated via NVD.

May 29, 2026 MODIFIED

Vulnerability data updated via NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Stack

No specific products linked.