EIP-2026-100722

PRE-CVE

McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100722. PoCs published by sozni.

AI-analyzed exploit summary The exploit demonstrates an information disclosure vulnerability in Cart32 by crafting specific URLs that reveal server paths and directories. The PoC includes direct HTTP requests to trigger the vulnerability without requiring authentication.

Description

McMurtrey/Whitaker & Associates Cart32 3.0/3.1/3.5 - Full Path Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by sozni · textremotecgi

https://www.exploit-db.com/exploits/20397

View Code ZIP pw:eip

The exploit demonstrates an information disclosure vulnerability in Cart32 by crafting specific URLs that reveal server paths and directories. The PoC includes direct HTTP requests to trigger the vulnerability without requiring authentication.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Cart32 (version not specified)

No auth needed

Prerequisites: Access to the target web server

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026