CVE-2019-9622

MEDIUM

ebrigade < 4.5 - Arbitrary File Download via showfile.php File Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-9622. PoCs published by AkkuS.

AI-analyzed exploit summary: This exploit leverages an arbitrary file download vulnerability in eBrigade ERP <= 4.5 via the 'showfile.php' endpoint, allowing authenticated users to read sensitive files or download database backups. The PoC includes interactive menus for file selection and backup retrieval.

Description

eBrigade through 4.5 allows Arbitrary File Download via ../ directory traversal in the showfile.php file parameter, as demonstrated by reading the user-data/save/backup.sql file.

Exploits (1)

exploitdb · WORKING POC
by AkkuS · python · webapps · php
https://www.exploit-db.com/exploits/46109

Classification: Working PoC 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: eBrigade ERP <= 4.5
Auth required
Prerequisites: Valid credentials for the target system · Network access to the target web application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46109
Third Party Advisory x_refsource_misc
https://sourceforge.net/p/ebrigade/code/5912/

Scores

CVSS v3 4.3
EPSS 0.0488
EPSS Percentile 90.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE: CWE-22
Status: published
Products (1): ebrigade/ebrigade < 4.5
Published: Mar 07, 2019
Tracked Since: Feb 18, 2026