EIP-2026-100372

PRE-CVE

IISWorks FileMan - fileman.mdb Remote User Database Disclosure

Title source: legacy
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100372. PoCs published by j0fer.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in IISWorks FileMan, where an unencrypted Microsoft Access database file is directly downloadable due to improper IIS permissions. The vulnerability allows remote attackers to access sensitive user and permission data.

Description

IISWorks FileMan - fileman.mdb Remote User Database Disclosure

Exploits (1)

exploitdb WRITEUP VERIFIED
by j0fer · textwebappsasp
https://www.exploit-db.com/exploits/13886

This is a writeup describing an information disclosure vulnerability in IISWorks FileMan, where an unencrypted Microsoft Access database file is directly downloadable due to improper IIS permissions. The vulnerability allows remote attackers to access sensitive user and permission data.

Classification
Writeup 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: IISWorks FileMan (version not specified)
No auth needed
Prerequisites: Read permissions not revoked on the /Database folder in IIS
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve
Tracked Since Feb 18, 2026