CVE-2022-50890

HIGH

Owlfiles File Manager 12.0.1 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50890. PoCs published by Chokri Hammedi.

AI-analyzed exploit summary The exploit demonstrates multiple vulnerabilities in Owlfiles File Manager 12.0.1, including path traversal, LFI, and XSS via crafted HTTP/FTP requests. It provides functional proof-of-concept requests and responses showing successful exploitation.

Description

Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the device.

Exploits (1)

exploitdb WORKING POC
by Chokri Hammedi · textwebappsios
https://www.exploit-db.com/exploits/51036

The exploit demonstrates multiple vulnerabilities in Owlfiles File Manager 12.0.1, including path traversal, LFI, and XSS via crafted HTTP/FTP requests. It provides functional proof-of-concept requests and responses showing successful exploitation.

Classification
Working Poc 100%
Attack Type
Info Leak | Xss
Complexity
Trivial
Reliability
Reliable
Target: Owlfiles File Manager 12.0.1
No auth needed
Prerequisites: Access to the built-in HTTP/FTP server on the target device
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 7.5
EPSS 0.0093
EPSS Percentile 55.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-22
Status published
Products (2)
skyjos/owlfiles 12.0.1
Skyjos/Owlfiles File Manager 12.0.1
Published Jan 13, 2026
Tracked Since Feb 18, 2026