EIP-2026-100591

PRE-CVE

timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100591. PoCs published by Nathaniel Carew.

AI-analyzed exploit summary This exploit demonstrates directory traversal vulnerabilities in TimeLive Time and Expense Tracking software, allowing unauthorized download of sensitive files including the database and configuration files via manipulated file paths.

Description

timelive time and expense tracking 4.1.1 - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by Nathaniel Carew · textwebappsasp

https://www.exploit-db.com/exploits/17900

View Code ZIP pw:eip

This exploit demonstrates directory traversal vulnerabilities in TimeLive Time and Expense Tracking software, allowing unauthorized download of sensitive files including the database and configuration files via manipulated file paths.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: TimeLive Time and Expense Tracking <= 4.1.1

No auth needed

Prerequisites: Network access to the target application · FileDownload.aspx endpoint accessible

MITRE ATT&CK

T1005 - Data from Local System T1083 - File and Directory Discovery

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026