Pachno 1.0.6 Unrestricted File Upload Remote Code Execution

Description

Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 scripts to web-accessible directories and execute them to achieve remote code execution on the server.

Affected Products

Vendor	Product	Versions
pachno	pachno	1.0.6

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2026-5982.php(third-party-advisory)
https://www.vulncheck.com/advisories/pachno-unrestricted-file-upload-remote-code-execution(third-party-advisory)

Related News (1 articles)

Tier C

VulDB5d ago

CVE-2026-40040 | Pachno 1.0.6 /uploadfile unrestricted upload (ZSL-2026-5982)

→ No new info (linked only)

CVSS 3.18.8 NONE

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-434

PublishedApr 13, 2026

Last enriched5d agov2

Trending Score19

Source articles1

Independent1

Info Completeness7/14

Missing: cvss, epss, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (4)

Version History

Last enriched 5d ago

v2Tier C5d ago

Updated severity to CRITICAL, marked as actively exploited, and provided a more detailed description of the vulnerability.

severityactivelyExploiteddescription

via VulDB

v15d ago

Initial creation