EIP-2026-100730

PRE-CVE

TalentSoft Web+ Client/Monitor/server 4.6 - Source Code Disclosure

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-100730. PoCs published by Delphis Consulting.

AI-analyzed exploit summary The exploit demonstrates an information disclosure vulnerability in Talentsoft Web+ by appending '::$DATA' to a WML file request, which forces the server to reveal the source code of files on an NTFS partition. This can expose sensitive data such as credentials, table names, and other confidential information.

Description

TalentSoft Web+ Client/Monitor/server 4.6 - Source Code Disclosure

Exploits (1)

exploitdb WORKING POC VERIFIED

by Delphis Consulting · textremotecgi

https://www.exploit-db.com/exploits/20245

View Code ZIP pw:eip

The exploit demonstrates an information disclosure vulnerability in Talentsoft Web+ by appending '::$DATA' to a WML file request, which forces the server to reveal the source code of files on an NTFS partition. This can expose sensitive data such as credentials, table names, and other confidential information.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Talentsoft Web+

No auth needed

Prerequisites: Access to the target web server · Presence of WML or script files on an NTFS partition

MITRE ATT&CK

T1083 - File and Directory Discovery T1119 - Automated Collection

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026