EIP-2026-102235

PRE-CVE

Files Desk Pro 1.4 iOS - Local File Inclusion

Title source: legacy

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102235. PoCs published by Vulnerability-Lab.

AI-analyzed exploit summary This exploit demonstrates a local file include vulnerability in Files Desk Pro v1.4 iOS via the `filename` parameter in the upload module. Attackers can inject malicious filenames to include local files or paths, potentially leading to unauthorized access or execution of arbitrary code.

Description

Files Desk Pro 1.4 iOS - Local File Inclusion

Exploits (1)

exploitdb WORKING POC

by Vulnerability-Lab · textwebappsios

https://www.exploit-db.com/exploits/33628

View Code ZIP pw:eip

This exploit demonstrates a local file include vulnerability in Files Desk Pro v1.4 iOS via the `filename` parameter in the upload module. Attackers can inject malicious filenames to include local files or paths, potentially leading to unauthorized access or execution of arbitrary code.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Files Desk Pro v1.4 iOS

No auth needed

Prerequisites: Access to the local WiFi interface of the Files Desk Pro app · Ability to intercept and modify POST requests

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Details

Status pre_cve

Tracked Since Feb 18, 2026